When there is a large ignored chunk, it crashes in production, but not when loaded with PngInfo.java
Analysis of the cause:
The offending chunk starts decoding in DefaultPngChunkReader.readChunk(). It calls DefaultPngChunkReader.readOtherChunk() which eventually calls (via the filter input stream) BufferedInputStream.skip().
From the Javadoc of skip():
Skips over and discards n bytes of data from the input stream. The skip method may, for a variety of reasons, end up skipping over some smaller number of bytes, possibly 0. The actual number of bytes skipped is returned.
And indeed, it skips up to available() bytes, which is just under 8192 because the current pointer is still small and that's the buffer's size.
PngInfo.java doesn't wrap the input stream in a BufferedInputStream so it doesn't expose the bug.
Test image: iTXt chunk (3rd ignored chunk) of this (NSFW) image (navigate to the "Original" link in the left column!)
public void readOtherChunk(int code, PngSource source, int dataPosition, int dataLength) throws IOException {
    // If we're not processing it, we've got to skip it.
    // skip() may return fewer bytes than requested, so loop until the whole chunk is consumed.
    while (dataLength > 0) {
        dataLength -= source.skip(dataLength);
    }
}
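Added example (not code from this issue or from the project) that reproduces the short skip the report describes on a BufferedInputStream and shows a skipFully helper (hypothetical name) that loops on short skips and reports a truncated chunk as EOFException rather than spinning on a skip() that returns 0. The 30000-byte input and the 20000-byte "ignored chunk" length are constructed for the demo.

```java
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;

public class SkipFullyDemo {

    // Skip exactly n bytes or throw: loops on short skips and, when skip()
    // reports 0, probes with read() to tell "try again" from end of stream.
    static void skipFully(InputStream in, long n) throws IOException {
        while (n > 0) {
            long skipped = in.skip(n);
            if (skipped > 0) {
                n -= skipped;
            } else if (in.read() == -1) {
                throw new EOFException("stream ended with " + n + " chunk bytes left");
            } else {
                n--; // read() consumed one byte
            }
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: 30000 bytes standing in for a PNG whose 8-byte
        // signature is followed by a 20000-byte chunk the reader wants to ignore.
        byte[] data = new byte[30000];
        for (int i = 0; i < data.length; i++) data[i] = (byte) (i % 251);

        // 1. A single skip() on a partly consumed BufferedInputStream stops at the
        //    end of its 8192-byte buffer, not at the requested length (8184 here).
        InputStream in = new BufferedInputStream(new ByteArrayInputStream(data));
        in.read(new byte[8]);               // like reading the PNG signature
        long single = in.skip(20000);
        System.out.println("requested 20000, skip() returned " + single);

        // 2. skipFully() lands exactly on the byte that follows the chunk.
        in = new BufferedInputStream(new ByteArrayInputStream(data));
        in.read(new byte[8]);
        skipFully(in, 20000);
        int next = in.read();
        System.out.println("next byte " + next + ", expected " + (data[20008] & 0xFF));

        // 3. A chunk whose declared length runs past the end of the file is
        //    reported as EOFException instead of looping forever on skip() == 0.
        in = new BufferedInputStream(new ByteArrayInputStream(data, 0, 100));
        try {
            skipFully(in, 20000);
        } catch (EOFException e) {
            System.out.println("truncated: " + e.getMessage());
        }
    }
}
```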
MarkJeronimus changed the title from "Too big ignored chunk causes crash" to "Large ignored chunk causes crash" on Jul 22, 2017