[OpenJDK 2D-Dev] [11] RFR JDK-8191023: PngReader throws NegativeArraySizeException when keyword length exceeds chunk size

Sergey Bylokhov Sergey.Bylokhov at oracle.com
Thu Jan 25 00:14:03 UTC 2018

On 22/01/2018 23:17, Prahalad Kumar Narayanan wrote:
> My suggestion was to -
> . 'Generate' CRC from Chunk data and compare it with the retrieved value at Line 731 'before' proceeding to process any of the chunks.
> . In malformed chunks (corrupted chunk length /or chunk data), the CRC check will fail thus giving an effective way to identify a valid chunk.
> . Many of the if (...) conditions that have been added to parse_<Chunk> methods can be avoided with CRC check done upfront.

Is it possible that the CRC will be broken/malformed as well as the chunk
data? (For example, if it is generated on top of incorrect data?) If yes,
then we should check the data itself for correct/incorrect values.

Best regards, Sergey.
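
Added example (not part of the original message, and not the JDK's PNG reader code): a tEXt payload with no NUL separator still carries a matching CRC when the CRC is computed over that same malformed data, so the keyword bounds check is what rejects it. The class and method names and both sample payloads are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.zip.CRC32;

public class CrcIsNotValidation {
    // The PNG chunk CRC covers the 4-byte type plus the data, not the length field.
    static long chunkCrc(byte[] type, byte[] data) {
        CRC32 crc = new CRC32();
        crc.update(type);
        crc.update(data);
        return crc.getValue();
    }

    // Hypothetical parser: returns the tEXt value, or throws if the payload is invalid.
    static String parseText(byte[] data, long storedCrc) {
        byte[] type = "tEXt".getBytes(StandardCharsets.ISO_8859_1);
        if (chunkCrc(type, data) != storedCrc) {
            throw new IllegalArgumentException("CRC mismatch");
        }
        // Data check, independent of the CRC: the keyword is 1-79 bytes and
        // must be terminated by a NUL that lies inside this chunk.
        int nul = -1;
        for (int i = 0; i < data.length && i < 80; i++) {
            if (data[i] == 0) { nul = i; break; }
        }
        if (nul < 1) {
            throw new IllegalArgumentException("tEXt keyword missing, empty or unterminated");
        }
        // Safe: nul < data.length, so the array size cannot go negative.
        byte[] text = new byte[data.length - nul - 1];
        System.arraycopy(data, nul + 1, text, 0, text.length);
        return new String(text, StandardCharsets.ISO_8859_1);
    }

    public static void main(String[] args) {
        byte[] type = "tEXt".getBytes(StandardCharsets.ISO_8859_1);
        // Constructed samples: a well-formed payload and one with no NUL separator.
        byte[] good = "Title\0hello".getBytes(StandardCharsets.ISO_8859_1);
        byte[] bad = "TitleWithNoTerminator".getBytes(StandardCharsets.ISO_8859_1);
        System.out.println(parseText(good, chunkCrc(type, good)));
        try {
            // The CRC was generated over the malformed data, so it matches.
            parseText(bad, chunkCrc(type, bad));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected despite valid CRC: " + e.getMessage());
        }
    }
}
```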
