Details
- Bug
- Status: Closed
- Minor
- Resolution: Fixed
- 2.0.16, 3.0.0 PDFBox
- None
openjdk version "1.8.0_212"
OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_212-b03)
OpenJDK 64-Bit Server VM (AdoptOpenJDK)(build 25.212-b03, mixed mode)
MacOS Mojave
Description
TTFParser.parse can lead to ArrayIndexOutOfBounds exceptions when parsing malformed inputs.
Steps to repro
- Create & compile Main.java:
  ```java
  import org.apache.fontbox.ttf.TTFParser;

  class Main {
      public static void main(String[] args) throws Throwable {
          (new TTFParser()).parse(System.in);
      }
  }
  ```
- Download the attached inputs and extract them.
- For each input, run `cat <input> | java -cp 'jars/*' Main` to reproduce the exceptions, where `jars` is a folder containing the pdfbox jars.
Stacktraces
```
$ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype13.320 | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
    at org.apache.fontbox.ttf.CmapSubtable.processSubtype13(CmapSubtable.java:320)
    at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:114)
    at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
    at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
    at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
    at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
    at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
    at Main.main(Main.java:5)

$ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype8.192 | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
    at org.apache.fontbox.ttf.CmapSubtable.processSubtype8(CmapSubtable.java:192)
    at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:105)
    at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
    at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
    at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
    at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
    at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
    at Main.main(Main.java:5)

$ cat ArrayIndexOutOfBoundsException.CmapSubtable.processSubtype8.167 | java -cp 'jars/*' Main
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 8192
    at org.apache.fontbox.ttf.CmapSubtable.processSubtype8(CmapSubtable.java:167)
    at org.apache.fontbox.ttf.CmapSubtable.initSubtable(CmapSubtable.java:105)
    at org.apache.fontbox.ttf.CmapTable.read(CmapTable.java:86)
    at org.apache.fontbox.ttf.TrueTypeFont.readTable(TrueTypeFont.java:377)
    at org.apache.fontbox.ttf.TTFParser.parseTables(TTFParser.java:173)
    at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:150)
    at org.apache.fontbox.ttf.TTFParser.parse(TTFParser.java:106)
    at Main.main(Main.java:5)
```
The files were generated by fuzzing and are (probably) not valid TTF files. This is a follow-up to PDFBOX-4622. I fuzzed fontbox again after applying the patch from that issue (revision https://svn.apache.org/repos/asf/pdfbox/trunk@1864677).
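
The sketch below reads the groups of a cmap format 13 subtable and validates each character range and glyph ID before indexing, so malformed input is rejected with an IOException rather than an ArrayIndexOutOfBoundsException. It is an added example, not PDFBox code and not the fix applied for this issue: the class and method names are hypothetical, the input bytes are constructed, and it assumes the lookup array is sized from a glyph count read from the font (the report does not state the root cause).

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.util.Arrays;

// Hypothetical names; illustrates bounds checks on untrusted cmap data.
public class Cmap13Check {
    static final int MAX_CODE_POINT = 0x10FFFF;

    // Reads numGroups and the (startCharCode, endCharCode, glyphID) records of a
    // format 13 subtable. numGlyphs is assumed to come from the 'maxp' table.
    // Truncated input surfaces as EOFException, which is also an IOException.
    static int[] readGroups(DataInputStream in, int numGlyphs) throws IOException {
        if (numGlyphs < 0) {
            throw new IOException("cmap 13: negative numGlyphs " + numGlyphs);
        }
        int[] glyphToCode = new int[numGlyphs];   // zero-length when numGlyphs == 0
        Arrays.fill(glyphToCode, -1);
        long numGroups = in.readInt() & 0xFFFFFFFFL;   // uint32 fields
        for (long i = 0; i < numGroups; i++) {
            long first = in.readInt() & 0xFFFFFFFFL;
            long last = in.readInt() & 0xFFFFFFFFL;
            long glyphId = in.readInt() & 0xFFFFFFFFL;
            if (first > last || last > MAX_CODE_POINT) {
                throw new IOException("cmap 13: bad char range " + first + ".." + last);
            }
            if (glyphId >= numGlyphs) {   // check before using glyphId as an index
                throw new IOException("cmap 13: glyph " + glyphId
                        + " >= numGlyphs " + numGlyphs);
            }
            // Format 13 maps a whole range to one glyph; keep the first code seen.
            if (glyphToCode[(int) glyphId] == -1) {
                glyphToCode[(int) glyphId] = (int) first;
            }
        }
        return glyphToCode;
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: numGroups=1, range U+0041..U+005A, glyphID=0.
        byte[] data = {0, 0, 0, 1,  0, 0, 0, 0x41,  0, 0, 0, 0x5A,  0, 0, 0, 0};
        try {   // numGlyphs == 0: an unchecked glyphToCode[0] would be out of bounds
            readGroups(new DataInputStream(new ByteArrayInputStream(data)), 0);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        int[] ok = readGroups(new DataInputStream(new ByteArrayInputStream(data)), 4);
        System.out.println("glyph 0 -> U+" + Integer.toHexString(ok[0]).toUpperCase());
    }
}
```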