Jpeg decoder IndexOutOfRangeException(s) with malformed images #1693
Description
Prerequisites
- I have written a descriptive issue title
- I have verified that I am running the latest version of ImageSharp
- I have verified if the problem exist in both
DEBUGandRELEASEmode - I have searched open and closed issues to ensure it has not already been reported
Description
I malformed SOS segment of the baseline image by hand which led to non-library exception thrown from ProcessStartOfScanMarker method.
Stack traces:
Image SOS_components_baseline_s420_q100.jpg:
Unhandled exception. System.IndexOutOfRangeException: Index was outside the bounds of the array.
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoderCore.ProcessStartOfScanMarker(BufferedReadStream stream, CancellationToken cancellationToken) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoderCore.cs:line 1043
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoderCore.ParseStream(BufferedReadStream stream, Boolean metadataOnly, CancellationToken cancellationToken) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoderCore.cs:line 290
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoderCore.Decode[TPixel](BufferedReadStream stream, CancellationToken cancellationToken) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoderCore.cs:line 216
at SixLabors.ImageSharp.Formats.ImageDecoderUtilities.Decode[TPixel](IImageDecoderInternals decoder, Configuration configuration, Stream stream, Func`3 largeImageExceptionFactory) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\ImageDecoderUtilities.cs:line 162
at SixLabors.ImageSharp.Formats.ImageDecoderUtilities.Decode[TPixel](IImageDecoderInternals decoder, Configuration configuration, Stream stream) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\ImageDecoderUtilities.cs:line 149
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoder.Decode[TPixel](Configuration configuration, Stream stream) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoder.cs:line 28
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoder.Decode(Configuration configuration, Stream stream) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoder.cs:line 33
at SixLabors.ImageSharp.Image.Decode(Stream stream, Configuration config) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.Decode.cs:line 191
at SixLabors.ImageSharp.Image.<>c__DisplayClass139_0.<Load>b__0(Stream s) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromStream.cs:line 683
at SixLabors.ImageSharp.Image.WithSeekableStream[T](Configuration configuration, Stream stream, Func`2 action) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromStream.cs:line 731
at SixLabors.ImageSharp.Image.Load(Configuration configuration, Stream stream, IImageFormat& format) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromStream.cs:line 683
at SixLabors.ImageSharp.Image.Load(Configuration configuration, String path, IImageFormat& format) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromFile.cs:line 477
at SixLabors.ImageSharp.Image.Load(Configuration configuration, String path) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromFile.cs:line 188
at SixLabors.ImageSharp.Image.Load(String path) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromFile.cs:line 163
at SixLabors.ImageSharp.Tests.ProfilingSandbox.Program.Main(String[] args) in D:\Programming\C#\ImageSharp\tests\ImageSharp.Tests.ProfilingSandbox\Program.cs:line 42
Image SOS_huffmanIndex_baseline_s420_q100.jpg:
Unhandled exception. System.IndexOutOfRangeException: Index was outside the bounds of the array.
at SixLabors.ImageSharp.Formats.Jpeg.Components.Decoder.HuffmanScanDecoder.ParseBaselineDataInterleaved() in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\Components\Decoder\HuffmanScanDecoder.cs:line 148
at SixLabors.ImageSharp.Formats.Jpeg.Components.Decoder.HuffmanScanDecoder.ParseBaselineData() in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\Components\Decoder\HuffmanScanDecoder.cs:line 130
at SixLabors.ImageSharp.Formats.Jpeg.Components.Decoder.HuffmanScanDecoder.ParseEntropyCodedData() in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\Components\Decoder\HuffmanScanDecoder.cs:line 109
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoderCore.ProcessStartOfScanMarker(BufferedReadStream stream, CancellationToken cancellationToken) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoderCore.cs:line 1065
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoderCore.ParseStream(BufferedReadStream stream, Boolean metadataOnly, CancellationToken cancellationToken) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoderCore.cs:line 290
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoderCore.Decode[TPixel](BufferedReadStream stream, CancellationToken cancellationToken) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoderCore.cs:line 216
at SixLabors.ImageSharp.Formats.ImageDecoderUtilities.Decode[TPixel](IImageDecoderInternals decoder, Configuration configuration, Stream stream, Func`3 largeImageExceptionFactory) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\ImageDecoderUtilities.cs:line 162
at SixLabors.ImageSharp.Formats.ImageDecoderUtilities.Decode[TPixel](IImageDecoderInternals decoder, Configuration configuration, Stream stream) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\ImageDecoderUtilities.cs:line 149
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoder.Decode[TPixel](Configuration configuration, Stream stream) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoder.cs:line 28
at SixLabors.ImageSharp.Formats.Jpeg.JpegDecoder.Decode(Configuration configuration, Stream stream) in D:\Programming\C#\ImageSharp\src\ImageSharp\Formats\Jpeg\JpegDecoder.cs:line 33
at SixLabors.ImageSharp.Image.Decode(Stream stream, Configuration config) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.Decode.cs:line 191
at SixLabors.ImageSharp.Image.<>c__DisplayClass139_0.<Load>b__0(Stream s) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromStream.cs:line 683
at SixLabors.ImageSharp.Image.WithSeekableStream[T](Configuration configuration, Stream stream, Func`2 action) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromStream.cs:line 731
at SixLabors.ImageSharp.Image.Load(Configuration configuration, Stream stream, IImageFormat& format) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromStream.cs:line 683
at SixLabors.ImageSharp.Image.Load(Configuration configuration, String path, IImageFormat& format) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromFile.cs:line 477
at SixLabors.ImageSharp.Image.Load(Configuration configuration, String path) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromFile.cs:line 188
at SixLabors.ImageSharp.Image.Load(String path) in D:\Programming\C#\ImageSharp\src\ImageSharp\Image.FromFile.cs:line 163
at SixLabors.ImageSharp.Tests.ProfilingSandbox.Program.Main(String[] args) in D:\Programming\C#\ImageSharp\tests\ImageSharp.Tests.ProfilingSandbox\Program.cs:line 42
Steps to Reproduce
Use these malformed images: Malformed_Images.zip
How given images were generated:
Image SOS_components_baseline_s420_q100.jpg:
Valid Baseline/Progressive jpeg with 3 components, changed SOS marker data:
00 0C 03 01 XX 02 XX 03 XX with 00 0C 04 01 XX 02 XX 03 XX 01 XX
This basically tells that scan has 4 components instead of 3 defined at SOF which is not checked in current implementation. 0C 'remaining bytes' values isn't checked either and doesn't affect this problem.
Image SOS_huffmanIndex_baseline_s420_q100.jpg:
Valid Baseline/Progressive jpeg, changed huffman index to something stupid like FF:
00 0C 03 01 00 02 11 03 11 to 00 0C 03 01 FF 02 11 03 11
Note that maximum possible huffman index atm is 3 as decoder explicitely allocates 4 buffers for dc and ac tables while FF is 16 & 16 for both.