ArrayList p = new ArrayList();
int pos = 0;
- while (pos < pictstream.length) {
+ while (pos < (pictstream.length - PictureData.HEADER_SIZE)) {
PictureData pict = new PictureData(pictstream, pos);
p.add(pict);
pos += PictureData.HEADER_SIZE + pict.getSize();
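Review bot: The new bound `pos < (pictstream.length - PictureData.HEADER_SIZE)` uses a strict comparison, so a final record whose header ends exactly at the end of the stream is skipped, and any trailing bytes are dropped with no diagnostic. If a header-only record is legal (the constructor appears to give such a record a zero-length body), the bound should be `while (pos <= (pictstream.length - PictureData.HEADER_SIZE)) {`. A warning after the loop when `pos != pictstream.length` would also make truncated or corrupt picture streams visible, matching the warning the PictureData constructor now prints. Termination depends on `pict.getSize()` never being negative, which deserves a short comment on the `pos +=` line; the loop's closing brace is outside the hunk.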
header = new byte[PictureData.HEADER_SIZE];\r
System.arraycopy(pictstream, offset, header, 0, header.length);\r
\r
- int size = LittleEndian.getInt(header, 4) - 17;\r
+ // Get the size of the picture, and make sure it's sane\r
+ // Size is stored unsigned, since it must always be positive\r
+ int size = (int)LittleEndian.getUInt(header, 4) - 17;\r
+ int startPos = offset + PictureData.HEADER_SIZE;\r
+ if(size < 0) { size = 0; }\r
+ if(size > (pictstream.length - startPos)) { \r
+ int remaining = pictstream.length - startPos;\r
+ System.err.println("Warning: PictureData claimed picture was of length " + size + ", but only " + remaining + " remained!");\r
+ size = remaining;\r
+ }\r
+\r
+ // Save the picture data\r
pictdata = new byte[size];\r
- System.arraycopy(pictstream, offset + PictureData.HEADER_SIZE, pictdata, 0, pictdata.length);\r
+ System.arraycopy(pictstream, startPos, pictdata, 0, pictdata.length);\r
}\r
\r
/**\r
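Review bot: The `(int)` cast on `LittleEndian.getUInt(header, 4)` is applied before the sanity checks, so a length field with the high bit set wraps negative and is silently clamped to 0 by `if(size < 0)`, bypassing the warning branch that handles other oversized lengths. Assuming `getUInt` returns a long, keep the value wide until it has been clamped: `long claimed = LittleEndian.getUInt(header, 4) - 17;` followed by `int size = (int)Math.max(0L, Math.min(claimed, (long)(pictstream.length - startPos)));`, with the warning kept for the `claimed > remaining` case. The warning goes to `System.err`, which applications embedding the library cannot filter or capture; the project's logger would be a better sink if one is in scope. The constructor starts outside the hunk, so whether `offset` is validated before the header copy cannot be seen here.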