[ 
https://issues.apache.org/jira/browse/PDFBOX-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17457226#comment-17457226
 ] 

Tilman Hausherr commented on PDFBOX-5339:
-----------------------------------------

The good thing is, one can just feed the POC files into PDFDebugger and have 
the exception 😂

> A list of bugs found (70 bugs in total)
> ---------------------------------------
>
>                 Key: PDFBOX-5339
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5339
>             Project: PDFBox
>          Issue Type: Bug
>    Affects Versions: 3.0.0 PDFBox
>            Reporter: Huang Wenjie
>            Priority: Major
>
> 1. Unique Bugs Found
> Recently we (Zhang Cen, [https://github.com/occia] and Huang Wenjie 
> [https://github.com/ZanderHuang]) discovered a series of bugs in latest 
> pdfbox (3.0.0-alpha2).
> Every bug we reported in the following is unique and reproducible. 
> Furthermore, they have been manually analyzed and triaged in removing the 
> duplicates.
> Due to the lack of contextual knowledge in the pdfbox library, we cannot 
> thoroughly fix some bugs hence we look forward to any proposed plan from the 
> developers in fixing these bugs.
> 2. Bug Report and Crash Seeds
> The bug report folder can be downloaded from 
> [https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing]
> It contains both reports and crash seeds.
> 3. Test Program to Reproduce Crashes
> The test program can be downloaded from 
> [https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing]
> Total 70 bugs are reported in this issue.
> A full list is provided below.
> 4. Folder structure
>  - Level 1 (folder): exception type
>  - Level 2 (folder): error location
>  - Level 3 (files): POC file and report.txt including 
> reproducing steps
> 5. report.txt content:
>       1. Exception type
>       2. Error location
>       3. Bug cause and impact
>       4. Crash thread's stacks
>       5. Steps to reproduce
>
> 6. Bug full list (crashes under java.lang.IllegalArgumentException and 
> IllegalStateException should be wrapped instead of using the common exception 
> types)
> pdfbox_reported_crashes
> ├── java.lang.ArrayIndexOutOfBoundsException
> │   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
> │   ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
> │   ├── org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
> │   ├── org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
> │   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
> ├── java.lang.ClassCastException
> │   ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
> │   ├── org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
> │   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │   ├── org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
> │   └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
> ├── java.lang.IllegalArgumentException
> │   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
> │   ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
> │   ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
> │   ├── org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
> │   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
> │   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
> │   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
> │   └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
> ├── java.lang.IllegalStateException
> │   ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
> │   └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
> ├── java.lang.IndexOutOfBoundsException
> │   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
> │   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
> │   ├── org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
> │   ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
> │   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │   └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
> ├── java.lang.NegativeArraySizeException
> │   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
> ├── java.lang.NullPointerException
> │   ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
> │   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
> │   ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
> │   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
> │   ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
> │   ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
> │   ├── org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
> │   ├── org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
> │   ├── org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
> │   ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
> │   ├── org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
> │   ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
> │   ├── org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
> │   ├── org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
> │   ├── org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
> │   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
> │   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
> │   └── org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
> ├── java.lang.NumberFormatException
> │   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
> │   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
> │   ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
> │   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
> │   └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
> ├── java.lang.StackOverflowError
> │   ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
> │   ├── org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
> │   ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
> │   ├── org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
> │   ├── org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
> │   ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
> │   ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
> │   └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
> └── java.nio.BufferUnderflowException
>     ├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
>     └── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
>
> Any further discussion of these vulnerabilities, including fixes, is welcome, 
> and we look forward to hearing from you.
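An added triage harness, not code from the report or from PDFBox, for re-running a directory of the POC seeds and sorting the results the way the report folders do (exception type, then error location). It assumes PDFBox 3.x on the classpath and all seeds in one directory, and it separates a checked IOException (the intended way the library rejects malformed input) from the unchecked exceptions that the list above records as crashes:

```java
import java.io.File;
import java.io.IOException;
import java.util.Map;
import java.util.TreeMap;
import org.apache.pdfbox.Loader;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.rendering.PDFRenderer;
import org.apache.pdfbox.text.PDFTextStripper;

/*
 * Added triage harness (not PDFBox code; seed directory layout is assumed).
 * Each POC is opened, text-extracted and rendered; every unchecked exception
 * is bucketed as "exceptionType/errorLocation", the two folder levels of the
 * report, while checked IOExceptions are counted separately, not as crashes.
 */
public class CrashTriage {
    /** Returns bucket key -> number of seeds that hit it. */
    public static Map<String, Integer> triage(File seedDir) {
        Map<String, Integer> buckets = new TreeMap<>();
        File[] seeds = seedDir.listFiles(File::isFile);
        if (seeds == null) return buckets;
        for (File seed : seeds) {
            try (PDDocument doc = Loader.loadPDF(seed)) {
                new PDFTextStripper().getText(doc);     // parser, CMaps, content streams
                PDFRenderer renderer = new PDFRenderer(doc);
                for (int i = 0; i < doc.getNumberOfPages(); i++) {
                    renderer.renderImage(i);            // Type1/CFF/TrueType glyph parsing
                }
            } catch (IOException expected) {
                buckets.merge("java.io.IOException (expected)", 1, Integer::sum);
            } catch (RuntimeException | StackOverflowError crash) {
                String bucket = bucketFor(crash);
                buckets.merge(bucket, 1, Integer::sum);
                System.err.println(seed.getName() + " -> " + bucket);
            }
        }
        return buckets;
    }
    /** e.g. "java.lang.NullPointerException/org.apache.fontbox.cmap.CMap.toInt--CMap.java-207" */
    static String bucketFor(Throwable t) {
        StackTraceElement[] st = t.getStackTrace();
        if (st.length == 0) return t.getClass().getName() + "/unknown";
        return t.getClass().getName() + "/" + st[0].getClassName() + "." + st[0].getMethodName()
                + "--" + st[0].getFileName() + "-" + st[0].getLineNumber();
    }
    public static void main(String[] args) {
        triage(new File(args[0])).forEach((k, v) -> System.out.println(v + "\t" + k));
    }
}
```

Run it with the seed folder as the only argument; buckets that reappear after a fix are the regressions, and any bucket whose type is not IOException is a candidate for the wrapping the reporters ask for.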



--
This message was sent by Atlassian Jira
(v8.20.1#820001)