[
https://issues.apache.org/jira/browse/IMAGING-215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Bruno P. Kinoshita updated IMAGING-215:
---------------------------------------
Fix Version/s: 1.0
> ArrayIndexOutOfBoundsException in DhtSegment
> --------------------------------------------
>
> Key: IMAGING-215
> URL: https://issues.apache.org/jira/browse/IMAGING-215
> Project: Commons Imaging
> Issue Type: Bug
> Components: Format: JPEG
> Affects Versions: 1.0
> Reporter: floyd
> Assignee: Bruno P. Kinoshita
> Priority: Major
> Labels: security
> Fix For: 1.0
>
> Attachments: ArrayIndexOutOfBoundsException_DhtSegment_79.jpeg
>
>
> I simply ran the Kelinci AFL-based Java fuzzer with the common immaging as
> explained here (with better input files than the author, fuzzing is all about
> corpus data):
> [https://github.com/isstac/kelinci/tree/master/examples/commons-imaging]
> I found the following issue when parsing the attached file:
>
> {code:java}
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
> at
> org.apache.commons.imaging.formats.jpeg.segments.DhtSegment$HuffmanTable.<init>(DhtSegment.java:79)
> at
> org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:173)
> at
> org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:146)
> at
> org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.visitSegment(JpegDecoder.java:219)
> at
> org.apache.commons.imaging.formats.jpeg.JpegUtils.traverseJFIF(JpegUtils.java:89)
> at
> org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.decode(JpegDecoder.java:437)
> at
> org.apache.commons.imaging.formats.jpeg.JpegImageParser.getBufferedImage(JpegImageParser.java:97)
> at driver.Driver.main(Driver.java:23)
> {code}
> The rest is as described in the link, I also used
> commons-imaging-1.0-RC7.tar.gz
> The parser doesn't declare that an ArrayIndexOutOfBoundsException could be
> thrown.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
