Details
-
Bug
-
Resolution: Won't Fix
-
High
-
None
-
OD
Description
After seeing OOME errors semi-regularly that are caused by the thumbnail creator:
2014-06-25 23:01:38.897801500 at com.sun.imageio.plugins.png.PNGImageReader.readMetadata(PNGImageReader.java:728) 2014-06-25 23:01:38.897811500 at com.sun.imageio.plugins.png.PNGImageReader.readImage(PNGImageReader.java:1212) 2014-06-25 23:01:38.897811500 at com.sun.imageio.plugins.png.PNGImageReader.read(PNGImageReader.java:1560) 2014-06-25 23:01:38.897812500 at com.atlassian.confluence.pages.thumbnail.renderer.StreamRendererThumbnailGenerator$StreamingImageRenderer.scaleDown(StreamRendererThumbnailGenerator.java:82)
I finally managed to capture and analyze one and find what's causing the OOME (in this case).
For this, a .PNG has an IHDR.colorType of 6, but a bKGD of length 1 (instead of 6). This is from a bug in JDK PNGImageReader class. Generally, it appears that this class is not hardened against bad input.
One workaround suggested by gtanczyk is to pass ignoreMetadata = true to setImage() in scaleDown() (StreamRendererThumbnailGenerator.java), which in most circumstances will skip processing of the metadata blocks. I don't know what impact this will have on rendering actual thumbnails - from what I can see, the metadata isn't used at all, except for the PLTE chunk.
An alternate idea would be to create a Stream wrapper which performs validation on the input Stream, and sends scrubbed / corrected data to the PNGImageReader (or throws an exception if it's REALLY bad)
Third idea would be do all image processing internally instead of using imageio, so bugs in the image parser can be fixed.