[
https://issues.apache.org/jira/browse/PDFBOX-4670?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16950341#comment-16950341
]
ASF subversion and git services commented on PDFBOX-4670:
---------------------------------------------------------
Commit 1868408 from Tilman Hausherr in branch 'pdfbox/branches/issue4569'
[ https://svn.apache.org/r1868408 ]
PDFBOX-4670: avoid ArrayIndexOutOfBoundsException discovered by Daniel Gredler
> ArrayIndexOutOfBoundsException thrown parsing malformed TTF files
> -----------------------------------------------------------------
>
> Key: PDFBOX-4670
> URL: https://issues.apache.org/jira/browse/PDFBOX-4670
> Project: PDFBox
> Issue Type: Bug
> Components: FontBox
> Affects Versions: 2.0.17
> Reporter: Daniel Gredler
> Priority: Minor
> Fix For: 2.0.18, 3.0.0 PDFBox
>
> Attachments: diff1.diff, diff2.diff, fontbox-fuzzing.diff,
> fuzz-failures.zip
>
>
> I ran some fuzz tests on {{TTFParser}} in order to check the behavior of
> FontBox with respect to untrusted TTF files. In general the results seem good
> (e.g. no {{OutOfMemoryError}}), but there are a few instances of
> {{ArrayIndexOutOfBoundsException}} being thrown.
> I've attached a zip file containing the findings (one .trace file and one
> .ttf file per error), as well as a patch containing the fuzzer used to find
> these issues. It uses the TTF files in the {{src/test/resources/ttf}}
> directory, mutates them randomly, and then tries to parse them. Details of
> any unexpected exceptions are saved to the {{target/fuzz-failures}}
> directory. I ran 100k tests against each file (takes 5 to 10 minutes), but
> the run size is customizable.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
