-
-
Notifications
You must be signed in to change notification settings - Fork 317
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WebP: Some images are throwing an ArrayIndexOutOfBoundsException when reading #739
Comments
This seems to be a simple issue, and I already found a possible way to fix it. |
After finding more images that cause the same (or a similar) exception, I realized that the issue is not as simple as I thought. |
Thanks for looking into this! Feel free to share what you have found so far, maybe I can help solving the case! 😀 |
I've got an 1024x1024 WEBP. When resized to 1019x1019 or below, I don't get this error, but when resized to 1020x1020 or above, I do. Both are included. Due to the verbiage of AWT's I'm in way over my head but I'll continue investigating |
Other 3 WEBP files that cause the issue. |
It only affects small webp images for my project, since my project uses several 1KB~10MB files, but ArrayIndexOutOfBoundsException mostly happens when reading less than ~700KB images, but I also find 2 large files. Found 878 errors on a nearly 1200 file project. |
Thanks @Flyfish233 and @wladimirleite for samples! I'll investigate. 😀 |
Something new on this issue? |
@FriedrichF Sorry, no. I did some testing and can reproduce the problem. I have some ideas what this might be, wasn't able to fix the problem back then. I'm pretty busy these days, and my current funding is about 30min/month... 😛 So, if anyone can spend some quality time on this, that would be much appreciated! |
Thanks for looking into this! This is pretty much where I'm at too, at the moment. I can make the exceptions go away (or have them pop up in other places), but it doesn't really fix the problem. We need to understand why the coordinates were manipulated in this way in the first place, to get the desired output...
Fully understandable. And absolutely agree. 😕 |
I have some other ideas. Maybe I can find time to check the one or other:
These are just some thoughts |
Here is a small update. |
I could check some further things. |
While I don't think the errors we see are related to the CVE, and Java's memory handling should effectively guard against such attacks in our code, it's still an interesting read. And yes, the problem might be in the Huffman decoding class, so it's worth debugging and perhaps looking for differences from the C implementation. |
@wladimirleite the issue not fixed yet? found same issue when process some webp files |
In my limited time I did some further investigations. This is a debug output from this lib (BW REF means Backward Reference) Kermit image:
This is from the C implementation (please ignore x/y, It's always 0/0 here):
Notice the difference in the last line. Java reads a length: 3584 and C reads length: 4095 (and continues reading 4095 for around 50 times). It happens after the C implementation calls ReadPackedSymbols the first time: https://github.com/webmproject/libwebp/blob/main/src/dec/vp8l_dec.c#L210 Since ReadPackedSymbols resets the bit stream position in both cases (if/else) I guess this is the difference to the Java implementation here. But since this Hufmann implementation differs a lot from the original C implementation and I couldn't find a good WEBP reference regarding Packed Symbols and my time is limited, I can only write that down for others to pick up. |
Thanks @Chris-SP365! I'll try to use your findings in further debugging! |
Describe the bug
I found a few WebP images that seem valid that are throwing an ArrayIndexOutOfBoundsException when reading.
Version information
The version of the TwelveMonkeys ImageIO library in use:
3.9.4. I also tested with the master branch.
The exact output of
java --version
:openjdk version "11.0.13" 2021-10-19 LTS
OpenJDK Runtime Environment (build 11.0.13+8-LTS)
OpenJDK 64-Bit Server VM (build 11.0.13+8-LTS, mixed mode, sharing)
Extra information about OS version, server version, standalone program or web application packaging, executable wrapper, etc.
I tested in Windows 11.
To Reproduce
Run a simple standalone program (below), using the WebP ImageIO plugin.
Expected behavior
As the sample images I found seem to be valid (i.e. they are read without any trouble by ImageMagick, Google Chrome etc.), they should be read.
Example code
Sample files
sample-webp-images.zip
Stack trace
Running with the test program using 3.9.4, I get the following exception:
Additional context
This seems to be a very rare issue, as it affects about 1/5000 of the test images I am using.
The text was updated successfully, but these errors were encountered: