pdfbox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Rebert (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (PDFBOX-4622) Various exceptions in TTFParser.parse
Date Mon, 05 Aug 2019 20:18:00 GMT 

     [ https://issues.apache.org/jira/browse/PDFBOX-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Alex Rebert updated PDFBOX-4622:
--------------------------------
    Description: 
{{TTFParser.parse}} can lead to various unchecked exceptions when parsing malformed inputs.

*Steps to repro*
 # Create & compile Main.java: 
{code:java}
import org.apache.fontbox.ttf.TTFParser;

class Main {
  public static void main(String[] args) throws Throwable {
    (new TTFParser()).parse(System.in);
  }
}{code}

 * Download the inputs ([^fontbox-exceptions.zip]) and extract them.
 * For each input, run {{cat <input> | java -cp 'jars/*' Main}} to reproduce the exceptions,
where `jars` is a folder containing the pdfbox jars.

*Stacktraces*
{noformat}
$ cat NullPtrException.HorizontalMetricsTable.read | java -cp 'jars/*' Main
Exception in thread "main" java.lang.NullPointerException
 at org.apache.fontbox.ttf.HorizontalMetricsTable.read(HorizontalMetricsTable.java:53)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.PostScriptTable.read | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 258
 at org.apache.fontbox.ttf.PostScriptTable.read(PostScriptTable.java:137)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.NamingTable.read | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1674355620
 at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
 at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
 at org.apache.fontbox.ttf.NamingTable.read(NamingTable.java:63)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.CmapSubtable.initSubtable | java -cp 'jars/*' Main
Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype13
WARNING: Format 13 cmap contains an invalid glyph index
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -916972
 at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
 at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
 at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:74)
 at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.HorizontalHeaderTable.read | java -cp 'jars/*' Main
Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype12
WARNING: Format 12 cmap contains an invalid glyph index
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -524
 at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
 at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
 at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
 at org.apache.fontbox.ttf.HorizontalHeaderTable.read(HorizontalHeaderTable.java:65)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat NullPtrException.IndexToLocationTable.read | java -cp 'jars/*' Main
Exception in thread "main" java.lang.NullPointerException
 at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:57)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
 at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
 at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.CmapTable.read | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -2147483116
 at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
 at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
 at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:75)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat NullPtrException.VerticalMetricsTable.read | java -cp 'jars/*' Main
...
Exception in thread "main" java.lang.NullPointerException
 at org.apache.fontbox.ttf.VerticalMetricsTable.read(VerticalMetricsTable.java:60)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat NullPtrException.CmapSubtable.processSubtype13 | java -cp 'jars/*' Main
Exception in thread "main" java.lang.NullPointerException
 at org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.java:319)
 at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:114)
 at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
{noformat}
$ cat ArrayIndexOutOfBoundsException.MaximumProfileTable.read | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1788932292
 at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
 at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
 at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
 at org.apache.fontbox.ttf.MaximumProfileTable.read(MaximumProfileTable.java:274)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
 at org.apache.fontbox.ttf.TrueTypeFont.getMaximumProfile(TrueTypeFont.java:188)
 at org.apache.fontbox.ttf.TrueTypeFont.getNumberOfGlyphs(TrueTypeFont.java:369)
 at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:53)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
 at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
 at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
 at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
 at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
 at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
 at Main.main(Main.java:5){noformat}
The files were generated by fuzzing and are (probably) not valid TTF files.

  was:
{{TTFParser.parse}} can lead to various unchecked exceptions when parsing malformed inputs.

*Steps to repro*
 # Create & compile Main.java: 
{code:java}
import org.apache.fontbox.ttf.TTFParser;

class Main {
  public static void main(String[] args) throws Throwable {
    (new TTFParser()).parse(System.in);
  }
}{code}

 * Download the malformed inputs and extract them.
 * For each input, run {{cat <input> | java -cp Main}} to reproduce the exceptions.

*Stacktraces*

<About to add them>


> Various exceptions in TTFParser.parse
> -------------------------------------
>
>                 Key: PDFBOX-4622
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4622
>             Project: PDFBox
>          Issue Type: Bug
>          Components: FontBox
>    Affects Versions: 2.0.16
>         Environment: openjdk version "1.8.0_212"
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03)
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode)
> MacOS Mojave
>            Reporter: Alex Rebert
>            Priority: Minor
>         Attachments: fontbox-exceptions.zip
>
>
> {{TTFParser.parse}} can lead to various unchecked exceptions when parsing malformed inputs.
> *Steps to repro*
>  # Create & compile Main.java: 
> {code:java}
> import org.apache.fontbox.ttf.TTFParser;
> class Main {
>   public static void main(String[] args) throws Throwable {
>     (new TTFParser()).parse(System.in);
>   }
> }{code}
>  * Download the inputs ([^fontbox-exceptions.zip]) and extract them.
>  * For each input, run {{cat <input> | java -cp 'jars/*' Main}} to reproduce
the exceptions, where `jars` is a folder containing the pdfbox jars.
> *Stacktraces*
> {noformat}
> $ cat NullPtrException.HorizontalMetricsTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.HorizontalMetricsTable.read(HorizontalMetricsTable.java:53)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.PostScriptTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 258
>  at org.apache.fontbox.ttf.PostScriptTable.read(PostScriptTable.java:137)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.NamingTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1674355620
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
>  at org.apache.fontbox.ttf.NamingTable.read(NamingTable.java:63)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapSubtable.initSubtable | java -cp 'jars/*' Main
> Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype13
> WARNING: Format 13 cmap contains an invalid glyph index
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -916972
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
>  at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:74)
>  at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.HorizontalHeaderTable.read | java -cp 'jars/*' Main
> Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype12
> WARNING: Format 12 cmap contains an invalid glyph index
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -524
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
>  at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
>  at org.apache.fontbox.ttf.HorizontalHeaderTable.read(HorizontalHeaderTable.java:65)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.IndexToLocationTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:57)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
>  at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
>  at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -2147483116
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
>  at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:75)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.VerticalMetricsTable.read | java -cp 'jars/*' Main
> ...
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.VerticalMetricsTable.read(VerticalMetricsTable.java:60)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.CmapSubtable.processSubtype13 | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.java:319)
>  at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:114)
>  at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.MaximumProfileTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1788932292
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
>  at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
>  at org.apache.fontbox.ttf.MaximumProfileTable.read(MaximumProfileTable.java:274)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
>  at org.apache.fontbox.ttf.TrueTypeFont.getMaximumProfile(TrueTypeFont.java:188)
>  at org.apache.fontbox.ttf.TrueTypeFont.getNumberOfGlyphs(TrueTypeFont.java:369)
>  at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:53)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
>  at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
>  at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> The files were generated by fuzzing and are (probably) not valid TTF files.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org
Mime
View raw message