Bug 42255 - [PATCH] Infinite loop reading WMF file
Summary: [PATCH] Infinite loop reading WMF file
Status: RESOLVED FIXED
Alias: None
Product: Batik - Now in Jira
Classification: Unclassified
Component: Utilities (show other bugs)
Version: 1.7
Hardware: Other other
: P2 major
Target Milestone: ---
Assignee: Batik Developer's Mailing list
URL:
Keywords: PatchAvailable
Depends on:
Blocks:
 
Reported: 2007-04-25 18:12 UTC by Trejkaz (pen name)
Modified: 2007-09-19 21:12 UTC (History)
0 users



Attachments
test.wmf from ImageMagick distribution (232.98 KB, application/octet-stream)
2007-04-25 18:13 UTC, Trejkaz (pen name)
Details
Patch to fix the issue (1.67 KB, patch)
2007-04-25 18:22 UTC, Trejkaz (pen name)
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Trejkaz (pen name) 2007-04-25 18:12:03 UTC
A certain WMF test file which happens to be part of the ImageMagick distribution
causes an infinite loop in AbstractWMFReader.
Comment 1 Trejkaz (pen name) 2007-04-25 18:13:00 UTC
Created attachment 20046 [details]
test.wmf from ImageMagick distribution

Here's one of the files which causes the issue.
Comment 2 Trejkaz (pen name) 2007-04-25 18:22:12 UTC
Created attachment 20047 [details]
Patch to fix the issue

Straightforward fix.  Image file is apparently truncated.  Code in fillBytes
wasn't checking for a -1 return code from read().  Removed error prone method
since DataInputStream already has readFully() which does exactly the same
thing, and changed calls to use the built-in one.
Comment 3 Trejkaz (pen name) 2007-04-25 18:22:32 UTC
Would be nice if this could make it into the 1.7 final. :-)
Comment 4 info 2007-05-15 01:10:20 UTC
your evaluation looks good. patch coming soon.
Comment 5 Trejkaz (pen name) 2007-07-23 00:34:27 UTC
More precisely, there is already a patch. ;-)
Comment 6 Cameron McCormack 2007-09-19 21:06:08 UTC
This was fixed with the bug #43194 patch.
Comment 7 Cameron McCormack 2007-09-19 21:12:04 UTC
Sorry, it wasn't fixed with that other patch, but I've changed the .read() calls
to .readFully() as you have in your patch.