Alex Rebert created PDFBOX-4626:
-----------------------------------
Summary: ArrayIndexOutOfBounds exceptions in CmapSubtable parsing
Key: PDFBOX-4626
URL: https://issues.apache.org/jira/browse/PDFBOX-4626
Project: PDFBox
Issue Type: Bug
Components: FontBox
Affects Versions: 3.0.0 PDFBox
Environment: openjdk version "1.8.0_212"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode)
MacOS Mojave
Reporter: Alex Rebert
Attachments: fontbox-exceptions-2.zip
{{TTFParser.parse}} can lead to ArrayIndexOutOfBounds exceptions when parsing
malformed inputs.
*Steps to repro*
# Create & compile Main.java:
{code:java}
import org.apache.fontbox.ttf.TTFParser;

class Main {
    public static void main(String[] args) throws Throwable {
        (new TTFParser()).parse(System.in);
    }
}{code}
# Download the attached inputs and extract them.
# For each input, run {{cat <input> | java -cp 'jars/*' Main}} to reproduce the exceptions, where {{jars}} is a folder containing the pdfbox jars.
*Stacktraces*
{noformat}
$ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype13.320 | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
at org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.java:320)
at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:114)
at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype8.192 | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
at org.apache.fontbox.ttf.CmapSubtable.processSubtype8(CmapSubtable.java:192)
at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:105)
at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype8.167 | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 8192
at org.apache.fontbox.ttf.CmapSubtable.processSubtype8(CmapSubtable.java:167)
at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:105)
at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
at Main.main(Main.java:5){noformat}
The files were generated by fuzzing and are (probably) not valid TTF files.
This is a follow-up to PDFBOX-4622. I fuzzed fontbox again after applying the
patch from that issue (revision
https://svn.apache.org/repos/asf/pdfbox/trunk@1864677).