You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@pdfbox.apache.org by "Tilman Hausherr (JIRA)" <ji...@apache.org> on 2017/06/22 17:27:00 UTC
[jira] [Created] (PDFBOX-3839) AIOOB in PDResources.getFont()
Tilman Hausherr created PDFBOX-3839:
---------------------------------------
Summary: AIOOB in PDResources.getFont()
Key: PDFBOX-3839
URL: https://issues.apache.org/jira/browse/PDFBOX-3839
Project: PDFBox
Issue Type: Bug
Components: FontBox, Parsing
Affects Versions: 2.0.6
Reporter: Tilman Hausherr
Assignee: Tilman Hausherr
Fix For: 2.0.7, 3.0.0
As reported by Lauri Laanti in the users mailing list:
{code}
java.lang.ArrayIndexOutOfBoundsException: 4
at org.apache.fontbox.ttf.PostScriptTable.getName(PostScriptTable.java:318)
at org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.readEncodingFromFont(PDTrueTypeFont.java:260)
at org.apache.pdfbox.pdmodel.font.PDSimpleFont.readEncoding(PDSimpleFont.java:134)
at org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.<init>(PDTrueTypeFont.java:209)
at org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont(PDFontFactory.java:75)
at org.apache.pdfbox.pdmodel.PDResources.getFont(PDResources.java:143)
Investigating the function in question:
public String getName(int gid)
313 {
314 if (gid < 0 || glyphNames == null || gid > glyphNames.length)
315 {
316 return null;
317 }
318 return glyphNames[gid];
319 }
I think that the check on line 314 should be :
gid < 0 || glyphNames == null || gid >= glyphNames.length
Otherwise, when gid == glyphNames.length there will be AIOOB.
{code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org