Daniel Gredler created PDFBOX-4670:
--------------------------------------
Summary: ArrayIndexOutOfBoundsExceptions thrown parsing malformed TTF files
Key: PDFBOX-4670
URL: https://issues.apache.org/jira/browse/PDFBOX-4670
Project: PDFBox
Issue Type: Bug
Components: FontBox
Affects Versions: 2.0.17
Reporter: Daniel Gredler
Attachments: fontbox-fuzzing.diff, fuzz-failures.zip
I ran some fuzz tests on {{TTFParser}} in order to check the behavior of
FontBox with respect to untrusted TTF files. In general the results seem good
(e.g. no {{OutOfMemoryError}}s), but there are a few instances of
{{ArrayIndexOutOfBoundsException}}s being thrown.
I've attached a zip file containing the findings (one .trace file and one .ttf
file per error), as well as a patch containing the fuzzer used to find these
issues. It uses the TTF files in the {{src/test/resources/ttf}} directory,
mutates them randomly, and then tries to parse them. Details of any unexpected
exceptions are saved to the {{target/fuzz-failures}} directory. I ran 100k
tests against each file (takes 5 to 10 minutes), but the run size is
customizable.