You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pdfbox.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2019/01/31 07:52:00 UTC

[jira] [Commented] (PDFBOX-4451) ArrayIndexOutOfBoundsException in PDRectangle constructor

    [ https://issues.apache.org/jira/browse/PDFBOX-4451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16756984#comment-16756984 ] 

ASF subversion and git services commented on PDFBOX-4451:
---------------------------------------------------------

Commit 1852576 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1852576 ]

PDFBOX-4451: avoid ArrayIndexOutOfBoundsException

> ArrayIndexOutOfBoundsException in PDRectangle constructor
> ---------------------------------------------------------
>
>                 Key: PDFBOX-4451
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4451
>             Project: PDFBox
>          Issue Type: Bug
>    Affects Versions: 2.0.13
>            Reporter: Robin Schimpf
>            Priority: Minor
>         Attachments: ArrayIndexOutOfBoundsException PDRectangle
>
>
> Fuzzing PDF merging with JQF triggered an ArrayIndexOutOfBoundsException. The attached file is merged with itself.
> {code:java}
> java.lang.ArrayIndexOutOfBoundsException: 3
> 	at org.apache.pdfbox.pdmodel.common.PDRectangle.<init>(PDRectangle.java:135)
> 	at org.apache.pdfbox.pdmodel.PDPage.getMediaBox(PDPage.java:281)
> 	at org.apache.pdfbox.pdmodel.PDPage.getCropBox(PDPage.java:325)
> 	at org.apache.pdfbox.multipdf.PDFMergerUtility.appendDocument(PDFMergerUtility.java:740)
> 	at org.apache.pdfbox.multipdf.PDFMergerUtility.legacyMergeDocuments(PDFMergerUtility.java:390)
> 	at org.apache.pdfbox.multipdf.PDFMergerUtility.mergeDocuments(PDFMergerUtility.java:276)
> ...
> {code}
> The Code used for fuzzing is
> {code:java}
> try (OutputStream out = new ByteArrayOutputStream()) {
>     PDFMergerUtility pdfMergerUtility = new PDFMergerUtility();
>     pdfMergerUtility.addSource(file);
>     pdfMergerUtility.addSource(file);
>     pdfMergerUtility.setDestinationStream(out);
>     pdfMergerUtility.mergeDocuments(MemoryUsageSetting.setupMainMemoryOnly());
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org