Andrey Slepykh created DIRAPI-417:
-------------------------------------
Summary: ArrayIndexOutOfBoundsException in Asn1Decoder
Key: DIRAPI-417
URL: https://issues.apache.org/jira/browse/DIRAPI-417
Project: Directory Client API
Issue Type: Bug
Affects Versions: 2.1.7
Reporter: Andrey Slepykh
Attachments: ReproducerArrayIndexOutOfBoundsException.java
Hi, we were fuzzing Asn1Decoder and have found ArrayIndexOutOfBoundsException.
Steps to reproduce:
1. Download Apache Directory LDAP API v2.1.7:
{code:bash}
wget wget
https://github.com/apache/directory-ldap-api/archive/refs/tags/2.1.7.tar.gz
tar xf 2.1.7.tar.gz && rm 2.1.7.tar.gz
{code}
2. Compile the project (we used jdk-11 and mvn-3.9.6):
{code:bash}
cd directory-ldap-api-2.1.7
mvn clean package
{code}
3. Get the reproducer:
{code:bash}
mkdir fuzz && cd fuzz
mv <path/to/reproducer>/ReproducerArrayIndexOutOfBoundsException.java .
{code}
4. Compile the reproducer:
{code:bash}
javac -cp
.:../../asn1/ber/target/classes/:../../asn1/api/target/classes/:../../ldap/codec/core/target/classes/:../../ldap/model/target/classes/:../../ldap/codec/core/target/classes/
./ReproducerArrayIndexOutOfBoundsException.java
{code}
5. Reproduce the exception:
{code:bash}
java -cp
.:../../asn1/ber/target/classes/:../../asn1/api/target/classes/:../../ldap/codec/core/target/classes/:../../ldap/model/target/classes/:../../ldap/codec/core/target/classes/:../../util/target/classes/:../../util/target/classes/:../../integ-osgi/target/dependency/slf4j-api-1.7.36.jar:../../i18n/target/classes/:../../integ-osgi/target/dependency/mina-core-2.2.3.jar
ReproducerArrayIndexOutOfBoundsException
{code}
Found by Linux Verification Center (portal.linuxtesting.ru) with jazzer.
Author L.Reviakin ([email protected])
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
