Details
-
Bug
-
Resolution: Fixed
-
P3
-
8, 9, 10
-
b33
-
generic
-
generic
Description
FULL PRODUCT VERSION :
openjdk version "9.0.1"
OpenJDK Runtime Environment (build 9.0.1+11)
OpenJDK 64-Bit Server VM (build 9.0.1+11, mixed mode)
A DESCRIPTION OF THE PROBLEM :
The ImageReader com.sun.imageio.plugins.png.PNGImageReader throws a java.lang.IllegalArgumentException with message "Empty Region!" when attempting to decode malformed image files whose IHDR sections specify negative WIDTH and/or HEIGHT dimensions.
As per the spec, the reader should throw a java.io.IOException indicating that the image is malformed.
The root cause of this is that PNGReader.readHeader() only validates that width and height are not equal to zero (and correctly throws an IIOException if they are zero), but does not ensure that they are non-negative. This should be an easy fix.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Construct a PNG with an IHDR section where the width and/or height has the most significant bit set to 1.
A self-contained example is provided below. Simply compile and run the main class PngReaderEmptyRegionIssue.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Expected an instance of java.io.IOException (such as javax.imageio.IIOException) stating that the image is malformed.
ACTUAL -
Got a java.lang.IllegalArgumentException: Empty Region!
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.IllegalArgumentException: Empty region!
at javax.imageio.ImageReader.computeRegions(ImageReader.java:2702)
at javax.imageio.ImageReader.getDestination(ImageReader.java:2882)
at com.sun.imageio.plugins.png.PNGImageReader.readImage(PNGImageReader.java:1317)
at com.sun.imageio.plugins.png.PNGImageReader.read(PNGImageReader.java:1614)
at javax.imageio.ImageIO.read(ImageIO.java:1448)
at javax.imageio.ImageIO.read(ImageIO.java:1352)
at PngReaderEmptyRegionIssue.main(PngReaderEmptyRegionIssue.java:21)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Base64;
import javax.imageio.ImageIO;
public class PngReaderEmptyRegionIssue {
// PNG image test case (encoded as base64 to avoid attaching files)
private static String inputImageBase64 = "iVBORw0KGgoAAAANSUhEUoAAACA" +
"AAAABCAMAAABEpIrGAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAA" +
"AAA9QTFRFZszM////AAAAM5lmmf/MPkyvFQAAAGFJREFUeNrckzEOwCAMA5OY/7+5NBQ" +
"J1DphYaA3sPgkCwtEE0TVAm7BCkfMBaHgp4JvFwjPulSoITAabwHwk1a0PBB6TSBM+bc" +
"w5ERIlkQiTEPuqTj2ydWbUWzl8yZcAgwA0mYDNbDXy5oAAAo=";
public static void main(String[] args) throws java.io.IOException {
// Convert test case into input stream
byte[] inputBytes = Base64.getDecoder().decode(inputImageBase64);
InputStream in = new ByteArrayInputStream(inputBytes);
// Attempt to read PNG
ImageIO.read(in); // Throws java.lang.IllegalArgumentException: Empty Region!
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
A workaround is to use ImageReader.getWidth() and ImageReader.getHeight() to ensure that dimensions are non-negative before invoking read().
openjdk version "9.0.1"
OpenJDK Runtime Environment (build 9.0.1+11)
OpenJDK 64-Bit Server VM (build 9.0.1+11, mixed mode)
A DESCRIPTION OF THE PROBLEM :
The ImageReader com.sun.imageio.plugins.png.PNGImageReader throws a java.lang.IllegalArgumentException with message "Empty Region!" when attempting to decode malformed image files whose IHDR sections specify negative WIDTH and/or HEIGHT dimensions.
As per the spec, the reader should throw a java.io.IOException indicating that the image is malformed.
The root cause of this is that PNGReader.readHeader() only validates that width and height are not equal to zero (and correctly throws an IIOException if they are zero), but does not ensure that they are non-negative. This should be an easy fix.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Construct a PNG with an IHDR section where the width and/or height has the most significant bit set to 1.
A self-contained example is provided below. Simply compile and run the main class PngReaderEmptyRegionIssue.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Expected an instance of java.io.IOException (such as javax.imageio.IIOException) stating that the image is malformed.
ACTUAL -
Got a java.lang.IllegalArgumentException: Empty Region!
ERROR MESSAGES/STACK TRACES THAT OCCUR :
Exception in thread "main" java.lang.IllegalArgumentException: Empty region!
at javax.imageio.ImageReader.computeRegions(ImageReader.java:2702)
at javax.imageio.ImageReader.getDestination(ImageReader.java:2882)
at com.sun.imageio.plugins.png.PNGImageReader.readImage(PNGImageReader.java:1317)
at com.sun.imageio.plugins.png.PNGImageReader.read(PNGImageReader.java:1614)
at javax.imageio.ImageIO.read(ImageIO.java:1448)
at javax.imageio.ImageIO.read(ImageIO.java:1352)
at PngReaderEmptyRegionIssue.main(PngReaderEmptyRegionIssue.java:21)
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Base64;
import javax.imageio.ImageIO;
public class PngReaderEmptyRegionIssue {
// PNG image test case (encoded as base64 to avoid attaching files)
private static String inputImageBase64 = "iVBORw0KGgoAAAANSUhEUoAAACA" +
"AAAABCAMAAABEpIrGAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAA" +
"AAA9QTFRFZszM////AAAAM5lmmf/MPkyvFQAAAGFJREFUeNrckzEOwCAMA5OY/7+5NBQ" +
"J1DphYaA3sPgkCwtEE0TVAm7BCkfMBaHgp4JvFwjPulSoITAabwHwk1a0PBB6TSBM+bc" +
"w5ERIlkQiTEPuqTj2ydWbUWzl8yZcAgwA0mYDNbDXy5oAAAo=";
public static void main(String[] args) throws java.io.IOException {
// Convert test case into input stream
byte[] inputBytes = Base64.getDecoder().decode(inputImageBase64);
InputStream in = new ByteArrayInputStream(inputBytes);
// Attempt to read PNG
ImageIO.read(in); // Throws java.lang.IllegalArgumentException: Empty Region!
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
A workaround is to use ImageReader.getWidth() and ImageReader.getHeight() to ensure that dimensions are non-negative before invoking read().
Attachments
Issue Links
- links to
