7058662: AiffFileReader throws java.lang.ArithmeticException: division by zero when frame size is zero
authorserb
Thu, 10 Oct 2013 02:35:27 +0400
changeset 21245 786207514920
parent 21244 7c2ac5ca05a2
child 21246 9d1752954b0e
7058662: AiffFileReader throws java.lang.ArithmeticException: division by zero when frame size is zero 7058666: Unexpected exception in AU parser code 7058672: Unexpected exceptions and freezes in WAV parser code Reviewed-by: prr
jdk/src/share/classes/com/sun/media/sound/AiffFileReader.java
jdk/src/share/classes/com/sun/media/sound/AuFileReader.java
jdk/src/share/classes/com/sun/media/sound/WaveFileReader.java
jdk/test/javax/sound/sampled/FileReader/ReadersExceptions.java
--- a/jdk/src/share/classes/com/sun/media/sound/AiffFileReader.java	Wed Oct 09 14:32:15 2013 -0700
+++ b/jdk/src/share/classes/com/sun/media/sound/AiffFileReader.java	Thu Oct 10 02:35:27 2013 +0400
@@ -51,15 +51,6 @@
 
     private static final int MAX_READ_LENGTH = 8;
 
-    /**
-     * Constructs a new AiffParser object.
-     */
-    public AiffFileReader() {
-    }
-
-
-
-
     // METHODS TO IMPLEMENT AudioFileReader
 
     /**
@@ -292,9 +283,15 @@
                     throw new UnsupportedAudioFileException("Invalid AIFF/COMM chunksize");
                 }
                 // Read header info.
-                int channels = dis.readShort();
-                dis.readInt();
-                int sampleSizeInBits = dis.readShort();
+                int channels = dis.readUnsignedShort();
+                if (channels <= 0) {
+                    throw new UnsupportedAudioFileException("Invalid number of channels");
+                }
+                dis.readInt(); // numSampleFrames
+                int sampleSizeInBits = dis.readUnsignedShort();
+                if (sampleSizeInBits < 1 || sampleSizeInBits > 32) {
+                    throw new UnsupportedAudioFileException("Invalid AIFF/COMM sampleSize");
+                }
                 float sampleRate = (float) read_ieee_extended(dis);
                 chunkRead += (2 + 4 + 2 + 10);
 
@@ -438,7 +435,4 @@
 
         return f;
     }
-
-
-
 }
--- a/jdk/src/share/classes/com/sun/media/sound/AuFileReader.java	Wed Oct 09 14:32:15 2013 -0700
+++ b/jdk/src/share/classes/com/sun/media/sound/AuFileReader.java	Thu Oct 10 02:35:27 2013 +0400
@@ -49,13 +49,6 @@
  */
 public final class AuFileReader extends SunFileReader {
 
-    /**
-     * Constructs a new AuFileReader object.
-     */
-    public AuFileReader() {
-    }
-
-
     // METHODS TO IMPLEMENT AudioFileReader
 
     /**
@@ -90,7 +83,7 @@
         int frameRate      = -1;
         int frameSize      = -1;
         int channels       = -1;
-        int sampleSizeInBits = 0;
+        final int sampleSizeInBits;
         int length = 0;
         int nread = 0;
         AudioFormat.Encoding encoding = null;
@@ -118,6 +111,10 @@
         encoding_local = (bigendian==true ? dis.readInt() : rllong(dis) );  nread += 4;
         sampleRate     = (bigendian==true ? dis.readInt() : rllong(dis) );  nread += 4;
         channels       = (bigendian==true ? dis.readInt() : rllong(dis) );  nread += 4;
+        if (channels <= 0) {
+            dis.reset();
+            throw new UnsupportedAudioFileException("Invalid number of channels");
+        }
 
         frameRate = sampleRate;
 
@@ -372,7 +369,4 @@
 
         return result;
     }
-
-
-
 }
--- a/jdk/src/share/classes/com/sun/media/sound/WaveFileReader.java	Wed Oct 09 14:32:15 2013 -0700
+++ b/jdk/src/share/classes/com/sun/media/sound/WaveFileReader.java	Thu Oct 10 02:35:27 2013 +0400
@@ -53,13 +53,6 @@
     private static final int MAX_READ_LENGTH = 12;
 
     /**
-     * Constructs a new WaveFileReader object.
-     */
-    public WaveFileReader() {
-    }
-
-
-    /**
      * Obtains the audio file format of the input stream provided.  The stream must
      * point to valid audio file data.  In general, audio file providers may
      * need to read some data from the stream before determining whether they
@@ -304,6 +297,9 @@
         }
         // channels
         channels = rlshort(dis); nread += 2;
+        if (channels <= 0) {
+            throw new UnsupportedAudioFileException("Invalid number of channels");
+        }
 
         // sample rate.
         sampleRate = rllong(dis); nread += 4;
@@ -316,6 +312,9 @@
 
         // this is the PCM-specific value bitsPerSample
         sampleSizeInBits = (int)rlshort(dis); nread += 2;
+        if (sampleSizeInBits <= 0) {
+            throw new UnsupportedAudioFileException("Invalid bitsPerSample");
+        }
 
         // if sampleSizeInBits==8, we need to use PCM_UNSIGNED
         if ((sampleSizeInBits==8) && encoding.equals(AudioFormat.Encoding.PCM_SIGNED))
@@ -373,5 +372,4 @@
                                   format,
                                   dataLength / format.getFrameSize());
     }
-
 }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/javax/sound/sampled/FileReader/ReadersExceptions.java	Thu Oct 10 02:35:27 2013 +0400
@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.sound.sampled.AudioSystem;
+import javax.sound.sampled.UnsupportedAudioFileException;
+
+/**
+ * @test
+ * @bug 7058662 7058666 7058672
+ * @author Sergey Bylokhov
+ */
+public final class ReadersExceptions {
+
+    // empty channels
+    static byte[] wrongAIFFCh =
+            {0x46, 0x4f, 0x52, 0x4d, // AiffFileFormat.AIFF_MAGIC
+             0, 0, 0, 0, // length
+             0, 0, 0, 0, // iffType
+             0x43, 0x4f, 0x4d, 0x4d, // chunkName
+             0, 0, 0, 100, // chunkLen
+             0, 0, // channels
+             0, 0, 0, 0, //
+             0, 10  // sampleSize
+                    , 0, 0, 0, 0};
+    // empty sampleSize
+    static byte[] wrongAIFFSSL =
+            {0x46, 0x4f, 0x52, 0x4d, //AiffFileFormat.AIFF_MAGIC
+             0, 0, 0, 0, // length
+             0, 0, 0, 0, // iffType
+             0x43, 0x4f, 0x4d, 0x4d, // chunkName
+             0, 0, 0, 100, // chunkLen
+             0, 10, // channels
+             0, 0, 0, 0, //
+             0, 0  // sampleSize
+                    , 0, 0, 0, 0};
+    // big sampleSize
+    static byte[] wrongAIFFSSH =
+            {0x46, 0x4f, 0x52, 0x4d, //AiffFileFormat.AIFF_MAGIC
+             0, 0, 0, 0, // length
+             0, 0, 0, 0, // iffType
+             0x43, 0x4f, 0x4d, 0x4d, // chunkName
+             0, 0, 0, 100, // chunkLen
+             0, 10, // channels
+             0, 0, 0, 0, //
+             0, 33  // sampleSize
+                    , 0, 0, 0, 0};
+    // empty channels
+    static byte[] wrongAUCh =
+            {0x2e, 0x73, 0x6e, 0x64,//AiffFileFormat.AU_SUN_MAGIC
+             0, 0, 0, 0, // headerSize
+             0, 0, 0, 0, // dataSize
+             0, 0, 0, 1, // encoding_local AuFileFormat.AU_ULAW_8
+             0, 0, 0, 0, // sampleRate
+             0, 0, 0, 0 // channels
+            };
+    // empty channels
+    static byte[] wrongWAVCh =
+            {0x52, 0x49, 0x46, 0x46, // WaveFileFormat.RIFF_MAGIC
+             1, 1, 1, 1, // fileLength
+             0x57, 0x41, 0x56, 0x45, //  waveMagic
+             0x66, 0x6d, 0x74, 0x20, // FMT_MAGIC
+             3, 0, 0, 0, // length
+             1, 0, // wav_type  WAVE_FORMAT_PCM
+             0, 0, // channels
+             0, 0, 0, 0, // sampleRate
+             0, 0, 0, 0, // avgBytesPerSec
+             0, 0, // blockAlign
+             1, 0, // sampleSizeInBits
+             0x64, 0x61, 0x74, 0x61, // WaveFileFormat.DATA_MAGIC
+             0, 0, 0, 0, // dataLength
+            };
+    // empty sampleSizeInBits
+    static byte[] wrongWAVSSB =
+            {0x52, 0x49, 0x46, 0x46, // WaveFileFormat.RIFF_MAGIC
+             1, 1, 1, 1, // fileLength
+             0x57, 0x41, 0x56, 0x45, //  waveMagic
+             0x66, 0x6d, 0x74, 0x20, // FMT_MAGIC
+             3, 0, 0, 0, // length
+             1, 0, // wav_type  WAVE_FORMAT_PCM
+             1, 0, // channels
+             0, 0, 0, 0, // sampleRate
+             0, 0, 0, 0, // avgBytesPerSec
+             0, 0, // blockAlign
+             0, 0, // sampleSizeInBits
+             0x64, 0x61, 0x74, 0x61, // WaveFileFormat.DATA_MAGIC
+             0, 0, 0, 0, // dataLength
+            };
+
+    public static void main(final String[] args) throws IOException {
+        test(wrongAIFFCh);
+        test(wrongAIFFSSL);
+        test(wrongAIFFSSH);
+        test(wrongAUCh);
+        test(wrongWAVCh);
+        test(wrongWAVSSB);
+    }
+
+    private static void test(final byte[] buffer) throws IOException {
+        final InputStream is = new ByteArrayInputStream(buffer);
+        try {
+            AudioSystem.getAudioFileFormat(is);
+        } catch (UnsupportedAudioFileException ignored) {
+            // Expected.
+            return;
+        }
+        throw new RuntimeException("Test Failed");
+    }
+}