commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bruno P. Kinoshita (JIRA)" <>
Subject [jira] [Commented] (IMAGING-215) ArrayIndexOutOfBoundsException in DhtSegment
Date Sat, 10 Feb 2018 10:17:13 GMT


Bruno P. Kinoshita commented on IMAGING-215:

Hi [~floyd]

Thanks for reporting the issue, and for the interesting links. I've added a bookmark with
a note to read the paper and have a look at the fuzzer used. But before that, confirmed we
had the exception from an assignment that wasn't confirming the array length and the index
given during the huffman table creation for the one segment.

Added a fix and unit test.



> ArrayIndexOutOfBoundsException in DhtSegment
> --------------------------------------------
>                 Key: IMAGING-215
>                 URL:
>             Project: Commons Imaging
>          Issue Type: Bug
>          Components: Format: JPEG
>    Affects Versions: 1.0
>            Reporter: floyd
>            Assignee: Bruno P. Kinoshita
>            Priority: Major
>              Labels: security
>         Attachments: ArrayIndexOutOfBoundsException_DhtSegment_79.jpeg
> I simply ran the Kelinci AFL-based Java fuzzer with the common immaging as explained
here (with better input files than the author, fuzzing is all about corpus data):
> []
> I found the following issue when parsing the attached file:
> {code:java}
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
> 	at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment$HuffmanTable.<init>(
> 	at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(
> 	at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(
> 	at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.visitSegment(
> 	at org.apache.commons.imaging.formats.jpeg.JpegUtils.traverseJFIF(
> 	at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.decode(
> 	at org.apache.commons.imaging.formats.jpeg.JpegImageParser.getBufferedImage(
> 	at driver.Driver.main(
> {code}
> The rest is as described in the link, I also used commons-imaging-1.0-RC7.tar.gz
> The parser doesn't declare that an ArrayIndexOutOfBoundsException could be thrown.

This message was sent by Atlassian JIRA

View raw message