[ https://issues.apache.org/jira/browse/PDFBOX-6045?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18009211#comment-18009211 ]
Tilman Hausherr commented on PDFBOX-6045:
-----------------------------------------

I asked ChatGPT about that one, it suggested two (complicated) programmatic solutions and one configuration solution
https://chatgpt.com/share/6880b35c-edec-8006-9f4c-9ff331dcbef0
{code:xml}
<Console name="Console" target="SYSTEM_OUT">
  <PatternLayout>
    <RegexReplacement regex="\u001B\[[;\d]*m" replacement=""/>
    <Pattern>%d [%t] %-5level: %msg%n</Pattern>
  </PatternLayout>
</Console>
{code}
So this is something a user could do, if that user wants to log to the console.

> Potential Console Corruption
> ----------------------------
>
>                 Key: PDFBOX-6045
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-6045
>             Project: PDFBox
>          Issue Type: Bug
>    Affects Versions: 4.0.0
>            Reporter: David Justamante
>            Priority: Minor
>         Attachments: image1.png, image2.png
>
>
> This issue is being *manually* filed by the competition organizers. We
> recognize there is a number of AI generated submissions as of late. We have
> gone through the manual process of bug/patch validation to prevent
> unnecessary "noise", respecting maintainers' time.
> This submission is being sent as part of DARPA's AIxCC competition.
> (https://aicyberchallenge.com) This issue was discovered and validated by
> competition engineers during challenge development. The patch was manually
> constructed by the competition engineers.
> We found via fuzzing that our console would occasionally get corrupted. This
> is caused by not filtering user-generated data during logging (and our
> choice to log to the console).
> In the first screenshot, you can see the point when the corruption happens.
> In the second, you can see the overall outcome.
> !image1.png|width=720,height=77!
> !image2.png|width=2009,height=664!
> We think the fix is to prevent {{\u001b}} from being written to logs. There
> may be other solutions.
> The above shows corruption via the font or maybe encoding, but it would be
> possible to do other things that could be problematic for users logging to
> the console — like turning the text invisible or other things.
> Some relevant links:
> * [https://gist.github.com/fnky/458719343aabd01cfb17a3a4f7296797]
> * [https://www.youtube.com/watch?v=3T2Al3jdY38]
>
> (AIxCC Internal: CHA-1733)
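
Added example, not part of the original thread and not PDFBox's patch: the regex in the configuration above matches only `ESC [ ... m` sequences, so this Java program escapes every control character in untrusted text before it reaches the logger and compares both approaches on constructed inputs. The names `LogSanitizer`, `sanitize` and `isControl` are hypothetical, and the `<U+XXXX>` output format is an assumption chosen for readability.

```java
/** Added example, not PDFBox code: make control characters visible before logging. */
public final class LogSanitizer {
    private LogSanitizer() {}

    // The SGR-only pattern from the Log4j configuration quoted in the comment.
    static final String SGR_ONLY = "\u001B\\[[;\\d]*m";

    static boolean isControl(int c) {
        // C0 controls (incl. ESC, U+001B), DEL, and C1 controls (incl. 8-bit CSI, U+009B).
        return c < 0x20 || (c >= 0x7F && c <= 0x9F);
    }

    /** Replaces each control character with a printable marker such as <U+001B>. */
    static String sanitize(String untrusted) {
        if (untrusted == null) {
            return "null";
        }
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            if (isControl(c)) {
                out.append(String.format("<U+%04X>", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed inputs standing in for strings taken from a parsed file.
        String[] samples = {
            "Helvetica",            // benign
            "Bad\u001B[31mFont",    // SGR colour sequence: the regex removes it
            "Bad\u001B(0Font",      // ESC without "[...m": the regex leaves it
            "Bad\u000EFont",        // single control byte, no ESC at all
        };
        for (String s : samples) {
            String afterRegex = s.replaceAll(SGR_ONLY, "");
            boolean leftover = afterRegex.chars().anyMatch(LogSanitizer::isControl);
            System.out.printf("%-28s regex leaves control chars: %b%n", sanitize(s), leftover);
        }
    }
}
```

Escaping rather than deleting keeps the evidence of the unexpected bytes in the log, which helps when triaging a malformed input file.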