[
https://issues.apache.org/jira/browse/PDFBOX-4670?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tilman Hausherr resolved PDFBOX-4670.
-------------------------------------
Assignee: Tilman Hausherr
Resolution: Fixed
[~sdanig] thanks for the fuzzing, I fixed the bugs you discovered. I also ran
it on my Windows fonts directory and got two OOM exceptions, but when run
individually it was just ordinary IOExceptions. Maybe there is some memory leak
in the fuzzer or in fontbox (but only when fuzzing). So that's it for now.
> ArrayIndexOutOfBoundsException thrown parsing malformed TTF files
> -----------------------------------------------------------------
>
> Key: PDFBOX-4670
> URL: https://issues.apache.org/jira/browse/PDFBOX-4670
> Project: PDFBox
> Issue Type: Bug
> Components: FontBox
> Affects Versions: 3.0.0 PDFBox
> Reporter: Daniel Gredler
> Assignee: Tilman Hausherr
> Priority: Minor
> Fix For: 3.0.0 PDFBox
>
> Attachments: diff1.diff, diff2.diff, fontbox-fuzzing.diff,
> fuzz-failures.zip
>
>
> I ran some fuzz tests on {{TTFParser}} in order to check the behavior of
> FontBox with respect to untrusted TTF files. In general the results seem good
> (e.g. no {{OutOfMemoryError}}), but there are a few instances of
> {{ArrayIndexOutOfBoundsException}} being thrown.
> I've attached a zip file containing the findings (one .trace file and one
> .ttf file per error), as well as a patch containing the fuzzer used to find
> these issues. It uses the TTF files in the {{src/test/resources/ttf}}
> directory, mutates them randomly, and then tries to parse them. Details of
> any unexpected exceptions are saved to the {{target/fuzz-failures}}
> directory. I ran 100k tests against each file (takes 5 to 10 minutes), but
> the run size is customizable.
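The fuzzing loop described in the issue (mutate a seed file, parse it, save details of unexpected exceptions), as an added Java sketch; it is not the fontbox-fuzzing.diff attached to the issue and not PDFBox code. The `Parser` interface, the toy parser and the seed bytes are constructed for illustration; a real harness would call FontBox's `TTFParser` inside the lambda and read its seeds from `src/test/resources/ttf`.

```java
import java.io.IOException;
import java.nio.file.*;
import java.util.Random;

/** Added sketch of a mutation fuzzer; names here are hypothetical, not FontBox API. */
public class TtfMutationFuzzSketch {
    /** Parser under test; IOException is the expected way to reject malformed input. */
    interface Parser { void parse(byte[] data) throws IOException; }

    /** Overwrite 1 to 4 random bytes in a copy of the seed. */
    static byte[] mutate(byte[] seed, Random rnd) {
        byte[] out = seed.clone();
        int edits = 1 + rnd.nextInt(4);
        for (int i = 0; i < edits; i++) {
            out[rnd.nextInt(out.length)] = (byte) rnd.nextInt(256);
        }
        return out;
    }

    /** Parse mutated inputs; save every input that fails with something other than IOException. */
    static int fuzz(byte[] seed, Parser parser, int runs, Path failDir) throws IOException {
        Random rnd = new Random(42); // fixed seed so a run can be reproduced
        Files.createDirectories(failDir);
        int failures = 0;
        for (int i = 0; i < runs; i++) {
            byte[] input = mutate(seed, rnd);
            try {
                parser.parse(input);
            } catch (IOException expected) {
                // clean rejection of malformed input: not a finding
            } catch (RuntimeException | OutOfMemoryError | StackOverflowError e) {
                failures++; // one .ttf and one .trace per error, as in the report
                Files.write(failDir.resolve("fail-" + i + ".ttf"), input);
                Files.write(failDir.resolve("fail-" + i + ".trace"), e.toString().getBytes());
            }
        }
        return failures;
    }

    public static void main(String[] args) throws IOException {
        // Constructed stand-in parser: trusts the numTables field (header bytes 4-5).
        Parser toy = d -> {
            int numTables = ((d[4] & 0xFF) << 8) | (d[5] & 0xFF);
            int[] slots = new int[4];
            slots[numTables - 1] = 1; // no bounds check: ArrayIndexOutOfBoundsException
        };
        byte[] seed = {0, 1, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0}; // constructed sfnt-like header
        System.out.println(fuzz(seed, toy, 1000, Paths.get("target/fuzz-failures")) + " failures");
    }
}
```

Replacing the unchecked index with a range check that throws `IOException` makes the same run report zero failures, which is the behaviour a parser of untrusted font files should have.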