Gábor Stefanik created PDFBOX-4822:
--------------------------------------

Summary: Off-by-one error in PDSignature.getConvertedContents()
Key: PDFBOX-4822
URL: https://issues.apache.org/jira/browse/PDFBOX-4822
Project: PDFBox
Issue Type: Bug
Components: PDModel
Affects Versions: 2.0.19
Reporter: Gábor Stefanik

In PDSignature.java, we have the following function:

{code:java}
private byte[] getConvertedContents(InputStream is) throws IOException
{
    ByteArrayOutputStream byteOS = new ByteArrayOutputStream(1024);
    byte[] buffer = new byte[1024];
    int c;
    while ((c = is.read(buffer)) != -1)
    {
        // Filter < and (
        if(buffer[0]==0x3C || buffer[0]==0x28)
        {
            byteOS.write(buffer, 1, c); // ERROR: may read buffer[1024], which doesn't exist!
        }
        // Filter > and )
        else if(buffer[c-1]==0x3E || buffer[c-1]==0x29)
        {
            byteOS.write(buffer, 0, c-1);
        }
        else
        {
            byteOS.write(buffer, 0, c);
        }
    }
    is.close();
    return COSString.parseHex(byteOS.toString("ISO-8859-1")).getBytes();
}
{code}

If c = 1024 (i.e. is.read() fills the buffer completely), and the first byte is 0x3C or 0x28, we try to read the 1025th byte of the buffer, and hit an IndexOutOfBoundsException:

{noformat}
java.lang.IndexOutOfBoundsException: Range [1, 1 + 1024) out of bounds for length 1024
    at jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64) ~[?:?]
    at jdk.internal.util.Preconditions.outOfBoundsCheckFromIndexSize(Preconditions.java:82) ~[?:?]
    at jdk.internal.util.Preconditions.checkFromIndexSize(Preconditions.java:343) ~[?:?]
    at java.util.Objects.checkFromIndexSize(Objects.java:424) ~[?:?]
    at java.io.ByteArrayOutputStream.write(ByteArrayOutputStream.java:155) ~[?:?]
    at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getConvertedContents(PDSignature.java:348) ~[pdfbox-2.0.19.jar:2.0.19]
    at org.apache.pdfbox.pdmodel.interactive.digitalsignature.PDSignature.getContents(PDSignature.java:335) ~[pdfbox-2.0.19.jar:2.0.19]
{noformat}

By changing the first byteOS.write call to this:

{code:java}
byteOS.write(buffer, 1, c-1);
{code}

the problem is fixed.