[ https://issues.apache.org/jira/browse/IMAGING-215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16359357#comment-16359357 ]

Bruno P. Kinoshita commented on IMAGING-215:
--------------------------------------------

Hi [~floyd]

Thanks for reporting the issue, and for the interesting links. I've added a 
bookmark with a note to read the paper and have a look at the fuzzer used. But 
before that, confirmed we had the exception from an assignment that wasn't 
confirming the array length and the index given during the Huffman table 
creation for the one segment.

Added a fix and unit test.

Cheers

Bruno

> ArrayIndexOutOfBoundsException in DhtSegment
> --------------------------------------------
>
>                 Key: IMAGING-215
>                 URL: https://issues.apache.org/jira/browse/IMAGING-215
>             Project: Commons Imaging
>          Issue Type: Bug
>          Components: Format: JPEG
>    Affects Versions: 1.0
>            Reporter: floyd
>            Assignee: Bruno P. Kinoshita
>            Priority: Major
>              Labels: security
>         Attachments: ArrayIndexOutOfBoundsException_DhtSegment_79.jpeg
>
>
> I simply ran the Kelinci AFL-based Java fuzzer with Commons Imaging as 
> explained here (with better input files than the author, fuzzing is all about 
> corpus data):
> [https://github.com/isstac/kelinci/tree/master/examples/commons-imaging]
> I found the following issue when parsing the attached file:
>  
> {code:java}
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
>       at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment$HuffmanTable.<init>(DhtSegment.java:79)
>       at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:173)
>       at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:146)
>       at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.visitSegment(JpegDecoder.java:219)
>       at org.apache.commons.imaging.formats.jpeg.JpegUtils.traverseJFIF(JpegUtils.java:89)
>       at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.decode(JpegDecoder.java:437)
>       at org.apache.commons.imaging.formats.jpeg.JpegImageParser.getBufferedImage(JpegImageParser.java:97)
>       at driver.Driver.main(Driver.java:23)
> {code}
> The rest is as described in the link, I also used 
> commons-imaging-1.0-RC7.tar.gz
> The parser doesn't declare that an ArrayIndexOutOfBoundsException could be 
> thrown.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
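
The kind of check the comment above describes, as an added example (not the Commons Imaging fix and not code from this thread): a JPEG DHT code table builder that validates the declared code counts before they size or index any array. The class `SafeHuffmanTable`, its fields and the sample inputs are hypothetical, and using a table that declares zero codes as the failing input is an assumption.

```java
import java.util.Arrays;

// Added example, not Commons Imaging code: class and field names are hypothetical.
public class SafeHuffmanTable {
    final int[] huffSize; // code length of each symbol, in segment order
    final int[] huffCode; // canonical code assigned to each symbol
    final int[] huffVal;  // symbol values copied from the segment

    // bits[i] = number of codes of length i + 1; values = symbol bytes after the counts
    SafeHuffmanTable(int[] bits, int[] values) {
        if (bits.length != 16) throw new IllegalArgumentException("DHT needs 16 length counts");
        int total = 0;
        for (int count : bits) {
            if (count < 0 || count > 255) throw new IllegalArgumentException("bad count " + count);
            total += count;
        }
        // Check the file-controlled total before it sizes or indexes any array.
        // Rejecting an empty table (total == 0) is a policy choice of this example.
        if (total == 0 || total > 256 || total > values.length) {
            throw new IllegalArgumentException("DHT declares " + total
                    + " codes but carries " + values.length + " symbols");
        }
        huffSize = new int[total];
        huffCode = new int[total];
        huffVal = Arrays.copyOf(values, total);
        int k = 0;
        int code = 0;
        for (int len = 1; len <= 16; len++) {
            for (int j = 0; j < bits[len - 1]; j++, k++) {
                if (code >= (1 << len)) { // code would not fit in len bits
                    throw new IllegalArgumentException("too many codes of length " + len);
                }
                huffSize[k] = len;
                huffCode[k] = code++;
            }
            code <<= 1; // move on to the next code length
        }
    }

    public static void main(String[] args) {
        int[] bits = new int[16];
        bits[1] = 1; bits[2] = 2; // constructed input: one 2-bit code, two 3-bit codes
        SafeHuffmanTable ok = new SafeHuffmanTable(bits, new int[] {0, 1, 2});
        System.out.println(Arrays.toString(ok.huffCode));
        try {
            new SafeHuffmanTable(new int[16], new int[0]); // constructed: zero codes
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Throwing a declared, descriptive exception for malformed segments lets callers treat a bad file as a parse error rather than an unexpected runtime fault.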
