From dev-return-64653-archive-asf-public=cust-asf.ponee.io@pdfbox.apache.org Wed Aug 7 16:24:03 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 1A956180675 for ; Wed, 7 Aug 2019 18:24:03 +0200 (CEST) Received: (qmail 32188 invoked by uid 500); 7 Aug 2019 16:24:02 -0000 Mailing-List: contact dev-help@pdfbox.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@pdfbox.apache.org Delivered-To: mailing list dev@pdfbox.apache.org Received: (qmail 32144 invoked by uid 99); 7 Aug 2019 16:24:02 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 07 Aug 2019 16:24:02 +0000 Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 6458FE2FCA for ; Wed, 7 Aug 2019 16:24:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id EAE5726665 for ; Wed, 7 Aug 2019 16:24:00 +0000 (UTC) Date: Wed, 7 Aug 2019 16:24:00 +0000 (UTC) From: "ASF subversion and git services (JIRA)" To: dev@pdfbox.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (PDFBOX-4622) Various exceptions in TTFParser.parse MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/PDFBOX-4622?page=3Dcom.atlassia= n.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=3D169= 02207#comment-16902207 ]=20 ASF subversion and git services commented on PDFBOX-4622: --------------------------------------------------------- Commit 1864635 from Tilman Hausherr in branch 'pdfbox/branches/1.8' [ https://svn.apache.org/r1864635 ] PDFBOX-4622: avoid ArrayIndexOutOfBoundsException > Various exceptions in TTFParser.parse > ------------------------------------- > > Key: PDFBOX-4622 > URL: https://issues.apache.org/jira/browse/PDFBOX-4622 > Project: PDFBox > Issue Type: Bug > Components: FontBox > Affects Versions: 1.8.16, 2.0.16 > Environment: openjdk version "1.8.0_212" > OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03) > OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode) > MacOS Mojave > Reporter: Alex Rebert > Priority: Minor > Attachments: fontbox-exceptions.zip > > > {{TTFParser.parse}}=C2=A0can lead to various unchecked exceptions when pa= rsing malformed=C2=A0inputs. > *Steps to repro* > # Create & compile Main.java:=C2=A0 > {code:java} > import org.apache.fontbox.ttf.TTFParser; > class Main { > public static void main(String[] args) throws Throwable { > (new TTFParser()).parse(System.in); > } > }{code} > * Download the inputs=C2=A0([^fontbox-exceptions.zip]) and extract them. > * For each input, run=C2=A0{{cat | java -cp 'jars/*' Main}}=C2= =A0to reproduce the exceptions, where `jars`=C2=A0is a folder containing=C2= =A0the pdfbox jars. > *Stacktraces* > {noformat} > $ cat NullPtrException.HorizontalMetricsTable.read | java -cp 'jars/*' Ma= in > Exception in thread "main" java.lang.NullPointerException > at org.apache.fontbox.ttf.HorizontalMetricsTable.read(HorizontalMetricsT= able.java:53) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat ArrayIndexOutOfBoundsException.PostScriptTable.read | java -cp 'jar= s/*' Main > Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 258 > at org.apache.fontbox.ttf.PostScriptTable.read(PostScriptTable.java:137) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat ArrayIndexOutOfBoundsException.NamingTable.read | java -cp 'jars/*'= Main > Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -167= 4355620 > at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.j= ava:102) > at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTT= FDataStream.java:116) > at org.apache.fontbox.ttf.NamingTable.read(NamingTable.java:63) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat ArrayIndexOutOfBoundsException.CmapSubtable.initSubtable | java -cp= 'jars/*' Main > Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtyp= e13 > WARNING: Format 13 cmap contains an invalid glyph index > Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -916= 972 > at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.j= ava:102) > at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTT= FDataStream.java:116) > at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:74= ) > at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat ArrayIndexOutOfBoundsException.HorizontalHeaderTable.read | java -c= p 'jars/*' Main > Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtyp= e12 > WARNING: Format 12 cmap contains an invalid glyph index > Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -524 > at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.j= ava:102) > at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFD= ataStream.java:134) > at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:5= 0) > at org.apache.fontbox.ttf.HorizontalHeaderTable.read(HorizontalHeaderTab= le.java:65) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat NullPtrException.IndexToLocationTable.read | java -cp 'jars/*' Main > Exception in thread "main" java.lang.NullPointerException > at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable= .java:57) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142) > at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.j= ava:232) > at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat ArrayIndexOutOfBoundsException.CmapTable.read | java -cp 'jars/*' M= ain > Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -214= 7483116 > at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.j= ava:102) > at org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTT= FDataStream.java:116) > at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:75) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat NullPtrException.VerticalMetricsTable.read | java -cp 'jars/*' Main > ... > Exception in thread "main" java.lang.NullPointerException > at org.apache.fontbox.ttf.VerticalMetricsTable.read(VerticalMetricsTable= .java:60) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat NullPtrException.CmapSubtable.processSubtype13 | java -cp 'jars/*' = Main > Exception in thread "main" java.lang.NullPointerException > at org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.jav= a:319) > at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:11= 4) > at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > {noformat} > $ cat ArrayIndexOutOfBoundsException.MaximumProfileTable.read | java -cp = 'jars/*' Main > Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -178= 8932292 > at org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.j= ava:102) > at org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFD= ataStream.java:134) > at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:5= 0) > at org.apache.fontbox.ttf.MaximumProfileTable.read(MaximumProfileTable.j= ava:274) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142) > at org.apache.fontbox.ttf.TrueTypeFont.getMaximumProfile(TrueTypeFont.ja= va:188) > at org.apache.fontbox.ttf.TrueTypeFont.getNumberOfGlyphs(TrueTypeFont.ja= va:369) > at org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable= .java:53) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142) > at org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.j= ava:232) > at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67) > at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353) > at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150) > at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106) > at Main.main(Main.java:5){noformat} > The files were generated by fuzzing and are (probably) not valid TTF file= s. -- This message was sent by Atlassian JIRA (v7.6.14#76016) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org For additional commands, e-mail: dev-help@pdfbox.apache.org