pdfbox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PDFBOX-4622) Various exceptions in TTFParser.parse
Date Tue, 06 Aug 2019 16:27:00 GMT

    [ https://issues.apache.org/jira/browse/PDFBOX-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16901233#comment-16901233
] 

ASF subversion and git services commented on PDFBOX-4622:
---------------------------------------------------------

Commit 1864532 from Tilman Hausherr in branch 'pdfbox/branches/issue4569'
[ https://svn.apache.org/r1864532 ]

PDFBOX-4622: avoid NPE

> Various exceptions in TTFParser.parse
> -------------------------------------
>
>                 Key: PDFBOX-4622
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4622
>             Project: PDFBox
>          Issue Type: Bug
>          Components: FontBox
>    Affects Versions: 1.8.16, 2.0.16
>         Environment: openjdk version "1.8.0_212"
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03)
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode)
> MacOS Mojave
>            Reporter: Alex Rebert
>            Priority: Minor
>         Attachments: fontbox-exceptions.zip
>
>
> {{TTFParser.parse}} can lead to various unchecked exceptions when parsing malformed inputs.
> *Steps to repro*
>  # Create & compile Main.java: 
> {code:java}
> import org.apache.fontbox.ttf.TTFParser;
> class Main {
>   public static void main(String[] args) throws Throwable {
>     (new TTFParser()).parse(System.in);
>   }
> }{code}
>  * Download the inputs ([^fontbox-exceptions.zip]) and extract them.
>  * For each input, run {{cat <input> | java -cp 'jars/*' Main}} to reproduce
the exceptions, where `jars` is a folder containing the pdfbox jars.
> *Stacktraces*
> {noformat}
> $ cat NullPtrException.HorizontalMetricsTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.HorizontalMetricsTable.read(HorizontalMetricsTable.java:53)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.PostScriptTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 258
>  at org.apache.fontbox.ttf.PostScriptTable.read(PostScriptTable.java:137)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.NamingTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1674355620
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
>  at org.apache.fontbox.ttf.NamingTable.read(NamingTable.java:63)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapSubtable.initSubtable | java -cp 'jars/*' Main
> Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype13
> WARNING: Format 13 cmap contains an invalid glyph index
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -916972
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
>  at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:74)
>  at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.HorizontalHeaderTable.read | java -cp 'jars/*' Main
> Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype12
> WARNING: Format 12 cmap contains an invalid glyph index
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -524
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
>  at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
>  at org.apache.fontbox.ttf.HorizontalHeaderTable.read(HorizontalHeaderTable.java:65)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.IndexToLocationTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:57)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
>  at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
>  at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -2147483116
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
>  at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:75)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.VerticalMetricsTable.read | java -cp 'jars/*' Main
> ...
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.VerticalMetricsTable.read(VerticalMetricsTable.java:60)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.CmapSubtable.processSubtype13 | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
>  at org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.java:319)
>  at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:114)
>  at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.MaximumProfileTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1788932292
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
>  at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
>  at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
>  at org.apache.fontbox.ttf.MaximumProfileTable.read(MaximumProfileTable.java:274)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
>  at org.apache.fontbox.ttf.TrueTypeFont.getMaximumProfile(TrueTypeFont.java:188)
>  at org.apache.fontbox.ttf.TrueTypeFont.getNumberOfGlyphs(TrueTypeFont.java:369)
>  at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:53)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
>  at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
>  at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
>  at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
>  at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
>  at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
>  at Main.main(Main.java:5){noformat}
> The files were generated by fuzzing and are (probably) not valid TTF files.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org


Mime
View raw message