[
https://issues.apache.org/jira/browse/PDFBOX-4622?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16901703#comment-16901703
]
ASF subversion and git services commented on PDFBOX-4622:
---------------------------------------------------------
Commit 1864588 from Tilman Hausherr in branch 'pdfbox/branches/1.8'
[ https://svn.apache.org/r1864588 ]
PDFBOX-4622: check the seek position
> Various exceptions in TTFParser.parse
> -------------------------------------
>
> Key: PDFBOX-4622
> URL: https://issues.apache.org/jira/browse/PDFBOX-4622
> Project: PDFBox
> Issue Type: Bug
> Components: FontBox
> Affects Versions: 1.8.16, 2.0.16
> Environment: openjdk version "1.8.0_212"
> OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03)
> OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode)
> MacOS Mojave
> Reporter: Alex Rebert
> Priority: Minor
> Attachments: fontbox-exceptions.zip
>
>
> {{TTFParser.parse}} can lead to various unchecked exceptions when parsing
> malformed inputs.
> *Steps to repro*
> # Create & compile Main.java:
> {code:java}
> import org.apache.fontbox.ttf.TTFParser;
> class Main {
> public static void main(String[] args) throws Throwable {
> (new TTFParser()).parse(System.in);
> }
> }{code}
> * Download the inputs ([^fontbox-exceptions.zip]) and extract them.
> * For each input, run {{cat <input> | java -cp 'jars/*' Main}} to reproduce
> the exceptions, where `jars` is a folder containing the pdfbox jars.
> *Stacktraces*
> {noformat}
> $ cat NullPtrException.HorizontalMetricsTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.fontbox.ttf.HorizontalMetricsTable.read(HorizontalMetricsTable.java:53)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.PostScriptTable.read | java -cp 'jars/*'
> Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 258
> at org.apache.fontbox.ttf.PostScriptTable.read(PostScriptTable.java:137)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.NamingTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException:
> -1674355620
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
> at org.apache.fontbox.ttf.NamingTable.read(NamingTable.java:63)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapSubtable.initSubtable | java -cp
> 'jars/*' Main
> Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype13
> WARNING: Format 13 cmap contains an invalid glyph index
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -916972
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
> at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:74)
> at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.HorizontalHeaderTable.read | java -cp
> 'jars/*' Main
> Aug 05, 2019 4:13:54 PM org.apache.fontbox.ttf.CmapSubtable processSubtype12
> WARNING: Format 12 cmap contains an invalid glyph index
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -524
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
> at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
> at
> org.apache.fontbox.ttf.HorizontalHeaderTable.read(HorizontalHeaderTable.java:65)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.IndexToLocationTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:57)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
> at
> org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
> at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.CmapTable.read | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException:
> -2147483116
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.readUnsignedShort(MemoryTTFDataStream.java:116)
> at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:75)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.VerticalMetricsTable.read | java -cp 'jars/*' Main
> ...
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.fontbox.ttf.VerticalMetricsTable.read(VerticalMetricsTable.java:60)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat NullPtrException.CmapSubtable.processSubtype13 | java -cp 'jars/*' Main
> Exception in thread "main" java.lang.NullPointerException
> at
> org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.java:319)
> at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:114)
> at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> {noformat}
> $ cat ArrayIndexOutOfBoundsException.MaximumProfileTable.read | java -cp
> 'jars/*' Main
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException:
> -1788932292
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.read(MemoryTTFDataStream.java:102)
> at
> org.apache.fontbox.ttf.MemoryTTFDataStream.readSignedShort(MemoryTTFDataStream.java:134)
> at org.apache.fontbox.ttf.TTFDataStream.read32Fixed(TTFDataStream.java:50)
> at
> org.apache.fontbox.ttf.MaximumProfileTable.read(MaximumProfileTable.java:274)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
> at
> org.apache.fontbox.ttf.TrueTypeFont.getMaximumProfile(TrueTypeFont.java:188)
> at
> org.apache.fontbox.ttf.TrueTypeFont.getNumberOfGlyphs(TrueTypeFont.java:369)
> at
> org.apache.fontbox.ttf.IndexToLocationTable.read(IndexToLocationTable.java:53)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TrueTypeFont.getTable(TrueTypeFont.java:142)
> at
> org.apache.fontbox.ttf.TrueTypeFont.getIndexToLocation(TrueTypeFont.java:232)
> at org.apache.fontbox.ttf.GlyphTable.read(GlyphTable.java:67)
> at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:353)
> at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
> at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
> at Main.main(Main.java:5){noformat}
> The files were generated by fuzzing and are (probably) not valid TTF files.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
