Details
-
Bug
-
Resolution: Fixed
-
Low
-
4.2
-
None
-
4.02
-
Description
If one navigates to the user profile page and tries to upload a corrupted image file such as the provided xab.png, JIRA will throw NPE.
java.lang.NullPointerException at com.atlassian.jira.web.action.admin.AvatarPicker.clampSize(AvatarPicker.java:273) at com.atlassian.jira.web.action.admin.AvatarPicker.doUpload(AvatarPicker.java:181) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at webwork.util.InjectionUtils$DefaultInjectionImpl.invoke(InjectionUtils.java:70) at webwork.util.InjectionUtils.invoke(InjectionUtils.java:56) at webwork.action.ActionSupport.invokeCommand(ActionSupport.java:433) at webwork.action.ActionSupport.execute(ActionSupport.java:157) at com.atlassian.jira.action.JiraActionSupport.execute(JiraActionSupport.java:54) at webwork.dispatcher.GenericDispatcher.executeAction(GenericDispatcher.java:139) at com.atlassian.jira.web.dispatcher.JiraWebworkActionDispatcher.service(JiraWebworkActionDispatcher.java:168) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.atlassian.jira.web.filters.JiraLastFilter.doFilter(JiraLastFilter.java:69)
Additionally, we should consider to validate content of the uploaded to ensure that they represent valid images.