Backups/TwelveMonkeys
2
0
Fork 0
mirror of https://github.com/haraldk/TwelveMonkeys.git synced 2026-04-30 00:00:01 -04:00
Code Issues Projects Releases Wiki Activity

#393: Input size validation of ICC profiles

Browse Source
This commit is contained in:
Harald Kuhr
2017-11-18 15:54:27 +01:00
parent 719b6e7883
commit cd9f3a036e
3 changed files with 45 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
imageio/imageio-tiff/src/main/java/com/twelvemonkeys/imageio/plugins/tiff/TIFFImageReader.java
+7 -1
View File
@@ -2205,6 +2205,13 @@ public final class TIFFImageReader extends ImageReaderBase {
if (entry != null) {
byte[] value = (byte[]) entry.getValue();
// Validate ICC profile size vs actual value size
int size = (value[0] & 0xff) << 24 | (value[1] & 0xff) << 16 | (value[2] & 0xff) << 8 | (value[3] & 0xff);
if (size < 0 || size > value.length) {
processWarningOccurred("Ignoring truncated ICC profile: Bad ICC profile size (" + size + ")");
return null;
}
try {
// WEIRDNESS: Reading profile from InputStream is somehow more compatible
// than reading from byte array (chops off extra bytes + validates profile).
@@ -2218,7 +2225,6 @@ public final class TIFFImageReader extends ImageReaderBase {
return null;
}
@Override
public boolean canReadRaster() {
return true;