[ https://issues.apache.org/jira/browse/PDFBOX-5339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17480601#comment-17480601 ]

ASF subversion and git services commented on PDFBOX-5339:
---------------------------------------------------------

Commit 1897366 from Tilman Hausherr in branch 'pdfbox/branches/2.0'
[ https://svn.apache.org/r1897366 ]

PDFBOX-5339: avoid NPE with poc crash-0d0c44bd0e2191567466772545138385a2c962a9

> A list of bugs found (70 bugs in total)
> ---------------------------------------
>
>                 Key: PDFBOX-5339
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-5339
>             Project: PDFBox
>          Issue Type: Bug
>    Affects Versions: 2.0.25, 3.0.0 PDFBox
>            Reporter: Huang Wenjie
>            Priority: Minor
>         Attachments: crash-4698e0dc7833a3f959d06707e01d03cda52a83f4
>
>
> 1. Unique Bugs Found
> Recently we (Zhang Cen, [https://github.com/occia] and Huang Wenjie
> [https://github.com/ZanderHuang]) discovered a series of bugs in the latest
> pdfbox (3.0.0-alpha2).
> Every bug we report in the following is unique and reproducible.
> Furthermore, they have been manually analyzed and triaged to remove
> duplicates.
> Due to our lack of contextual knowledge of the pdfbox library, we cannot
> thoroughly fix some bugs, hence we look forward to any proposed plan from the
> developers for fixing these bugs.
>
> 2. Bug Report and Crash Seeds
> The bug report folder can be downloaded from
> [https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing]
> It contains both reports and crash seeds.
>
> 3. Test Program to Reproduce Crashes
> The test program can be downloaded from
> [https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing]
> A total of 70 bugs are reported in this issue.
> A full list is provided below.
>
> 4. Folder structure
> - Level 1 (folder): exception type
> - Level 2 (folder): error location
> - Level 3 (files): POC file and report.txt including reproducing steps
>
> 5. report.txt content:
> 1. Exception type
> 2. Error location
> 3. Bug cause and impact
> 4. Crash thread's stacks
> 5. Steps to reproduce
>
> 6. Bug full list (crashes under java.lang.IllegalArgumentException and
> IllegalStateException should be wrapped instead of using the common exception
> types)
>
> pdfbox_reported_crashes
> ├── java.lang.ArrayIndexOutOfBoundsException
> │   ├─? org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
> │   ├─= org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
> │   ├─= org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
> │   ├─= org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
> │   └─= org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
> ├── java.lang.ClassCastException
> │   ├─= org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
> │   ├─= org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
> │   ├─= org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │   ├─= org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
> │   ├─= org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
> │   └─= org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
> ├── java.lang.IllegalArgumentException
> │   ├─= org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
> │   ├─= org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
> │   ├─= org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
> │   ├─= org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
> │   ├─= org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
> │   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
> │   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
> │   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
> │   ├─= org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
> │   └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
> ├── java.lang.IllegalStateException
> │   ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
> │   └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
> ├── java.lang.IndexOutOfBoundsException
> │   ├─= org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
> │   ├─= org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
> │   ├── org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
> │   ├─= org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
> │   ├─= org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
> │   └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
> ├── java.lang.NegativeArraySizeException
> │   └─= org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
> ├── java.lang.NullPointerException
> │   ├─= org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
> │   ├─= org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
> │   ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
> │   ├─= org.apache.fontbox.type1.Token.intValue--Token.java-107
> │   ├─? org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
> │   ├─? org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
> │   ├─? org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
> │   ├─= org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
> │   ├─= org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
> │   ├─= org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
> │   ├─= org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
> │   ├─= org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
> │   ├─= org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
> │   ├─? org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
> │   ├─= org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
> │   ├─= org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
> │   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
> │   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
> │   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
> │   └─= org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
> ├── java.lang.NumberFormatException
> │   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
> │   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
> │   ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
> │   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
> │   └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
> ├── java.lang.StackOverflowError
> │   ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
> │   ├── org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
> │   ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
> │   ├─= org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
> │   ├─= org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
> │   ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
> │   ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
> │   └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
> └── java.nio.BufferUnderflowException
>     ├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
>     └── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472
>
> 7. Crashes under IllegalArgumentException and IllegalStateException types
> A couple of crashes are found under IllegalArgumentException and
> IllegalStateException. These exceptions are caught and thrown by Pdfbox, and
> they are not bugs but a non-standard way of handling exceptions.
> It would be better to standardize this by creating an exception wrapping for
> the intended exceptions.
>
> Any further discussion of these vulnerabilities, including fixes, is welcome,
> and we look forward to hearing from you.

--
This message was sent by Atlassian Jira
(v8.20.1#820001)
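As an added example (not part of the issue, the commit, or PDFBox itself), the following Python helper derives the exception-type/error-location key that the bug list above is organised by from a Java stack trace, and buckets traces into the same tree shape. It keys on the innermost "Caused by:" section, so that once a RuntimeException is wrapped in a checked exception as section 7 proposes, the fuzzer triage still deduplicates on the real origin. The sample traces are constructed; their frame line numbers mirror entries from the list, the messages and the PDFParser frame are made up.

```python
import re
from collections import defaultdict

FRAME_RE = re.compile(r"^\s*at\s+(?P<qual>[\w.$<>]+)\((?P<file>[\w.]+):(?P<line>\d+)\)")  # "\tat pkg.Cls$Inner.m(File.java:12)"
HEADER_RE = re.compile(r'^(?:Exception in thread "[^"]*" )?(?P<type>[\w.$]+)(?::.*)?$')  # "java.lang.X: message"

def crash_key(stack_trace):
    """Return (exception type, error location) for one Java stack trace."""
    lines = [l for l in stack_trace.splitlines() if l.strip()]
    # Key on the innermost "Caused by:" so a wrapped RuntimeException keeps its origin.
    start = 0
    for i, line in enumerate(lines):
        if line.startswith("Caused by:"):
            start = i
    header = lines[start]
    if header.startswith("Caused by:"):
        header = header[len("Caused by:"):].strip()
    m = HEADER_RE.match(header)
    if not m:
        raise ValueError("unrecognised exception header: " + header)
    for line in lines[start + 1:]:
        f = FRAME_RE.match(line)
        if f:
            # Render as in the list: pkg.Class=Inner.method--File.java-line
            qual = f.group("qual").replace("$", "=")
            return m.group("type"), "%s--%s-%s" % (qual, f.group("file"), f.group("line"))
    raise ValueError("no stack frame after exception header")

def group_crashes(traces):
    """Bucket traces into {exception type: sorted unique locations} (the list's tree)."""
    buckets = defaultdict(set)
    for trace in traces:
        exc, loc = crash_key(trace)
        buckets[exc].add(loc)
    return {exc: sorted(locs) for exc, locs in sorted(buckets.items())}

# Constructed sample traces: messages and the PDFParser frame are made up; the
# fontbox/pdfbox frames mirror locations from the reported list.
SAMPLE_TRACES = [
    'Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: Index 10 out of bounds for length 10\n'
    "\tat org.apache.fontbox.cff.CFFParser.readString(CFFParser.java:781)\n",
    "java.lang.ArrayIndexOutOfBoundsException: 12\n"  # same origin, different message
    "\tat org.apache.fontbox.cff.CFFParser.readString(CFFParser.java:781)\n",
    "java.io.IOException: Error parsing xref stream\n"  # wrapped, as section 7 proposes
    "\tat org.apache.pdfbox.pdfparser.PDFParser.parse(PDFParser.java:100)\n"
    "Caused by: java.lang.ArrayIndexOutOfBoundsException: 7\n"
    "\tat org.apache.pdfbox.pdfparser.PDFXrefStreamParser$ObjectNumbers.<init>(PDFXrefStreamParser.java:202)\n"
    "\t... 3 more\n",
]
```

Running `group_crashes(SAMPLE_TRACES)` collapses the three traces into one exception type with two distinct locations, which is the deduplication step the reporters describe before counting unique bugs.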