Posted to dev@pdfbox.apache.org by "Huang Wenjie (Jira)" <ji...@apache.org> on 2021/12/10 11:53:00 UTC

[jira] [Created] (PDFBOX-5339) A list of bugs found (70 bugs in total)

Huang Wenjie created PDFBOX-5339:
------------------------------------

             Summary: A list of bugs found (70 bugs in total)
                 Key: PDFBOX-5339
                 URL: https://issues.apache.org/jira/browse/PDFBOX-5339
             Project: PDFBox
          Issue Type: Bug
    Affects Versions: 3.0.0 JBIG2
            Reporter: Huang Wenjie


Recently we (Zhang Cen and Huang Wenjie) found and submitted several bugs in the latest pdfbox (3.0.0-alpha2).
For your convenience, here is the bug summary for all reported bugs (it will be kept updated).
Note that each issue is a unique bug (we sorted and refined them from thousands of crashes).
Any discussion about the bugs is welcome.

## Unique Bugs Found
Recently we ([Zhang Cen](https://github.com/occia) and [Huang Wenjie](https://github.com/ZanderHuang)) discovered a series of bugs in the latest pdfbox (3.0.0-alpha2).
Every bug we report in the following is unique and reproducible. Furthermore, they have been manually analyzed and triaged to remove duplicates.
Due to the lack of contextual knowledge of the pdfbox library, we cannot thoroughly fix some bugs, hence we look forward to any proposed plan from the developers for fixing these bugs.

## Bug Report and Crash Seeds
The bug report folder can be downloaded from https://drive.google.com/drive/folders/1TMOzudQOVXPKdZ1--NyusyV7kHRA2MSE?usp=sharing
It contains both reports and crash seeds.

## Test Program to Reproduce Crashes
The test program can be downloaded from https://drive.google.com/file/d/1r0OsDC0vg8Qc-XtGg0XDKbxubaPozcBj/view?usp=sharing

A total of 70 bugs are reported in this pull request.
A full list is provided below.

### Folder structure
- Level 1 (folder): exception type
- Level 2 (folder): error location
- Level 3 (files): POC file and **report.txt** including reproducing steps

### report.txt content:
1. Exception type
2. Error location
3. Bug cause and impact
4. Crash thread's stacks
5. Steps to reproduce
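The bucketing behind the folder layout just described (Level 1 exception type, Level 2 error location), as an added Python example that is not the reporters' test program and not PDFBox code: it parses Java stack traces into an (exception type, first library frame) key, which is the deduplication step that turns thousands of fuzzer crashes into a short list of unique crash sites, and emits the three-level relative paths for the report folder. The sample traces are constructed (their frames reuse locations from the bug list on this page), and the mapping of `$` in nested-class names to the `=` seen in the list is an assumption inferred from that list.

```python
"""Crash bucketing for the three-level report layout (exception type /
error location / POC files).  Added example, not the reporters' test
program or PDFBox code; the stack traces below are constructed."""
import re
from collections import defaultdict

# One Java stack frame, e.g.
#   at org.apache.fontbox.cff.CFFParser.readString(CFFParser.java:781)
# The class part may carry a module prefix (java.base/...) or '$' for nested classes.
FRAME_RE = re.compile(
    r"^\s*at\s+(?P<method>[\w.$<>/]+)\((?P<file>[\w.]+):(?P<line>\d+)\)"
)
LIBRARY_PREFIXES = ("org.apache.pdfbox", "org.apache.fontbox")


def parse_trace(trace):
    """Return (exception_type, frame_dict) for one Java stack trace.

    The bucket key uses the first frame inside the library under test, so
    JDK frames such as java.util.ArrayList.get neither split one bug into
    several buckets nor merge unrelated ones."""
    lines = [ln for ln in trace.strip().splitlines() if ln.strip()]
    if not lines:
        raise ValueError("empty trace")
    m = re.search(r"([\w.]+(?:Exception|Error))(?::|$)", lines[0])
    if not m:
        raise ValueError("no exception class on first line: %r" % lines[0])
    for ln in lines[1:]:
        f = FRAME_RE.match(ln)
        if f and f.group("method").startswith(LIBRARY_PREFIXES):
            return m.group(1), f.groupdict()
    raise ValueError("no frame from the library under test")


def location_key(frame):
    """Folder name in the page's convention, e.g.
    org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
    Assumption: '=' in names like CFFParser=DictData=Entry stands for the
    '$' that Java uses for nested classes."""
    return "%s--%s-%s" % (frame["method"].replace("$", "="), frame["file"], frame["line"])


def bucket_crashes(traces):
    """{exception_type: {location_key: [seed, ...]}}; seeds that crash at
    the same (type, location) land in one bucket and count as one bug."""
    buckets = defaultdict(lambda: defaultdict(list))
    for seed, trace in traces:
        exc_type, frame = parse_trace(trace)
        buckets[exc_type][location_key(frame)].append(seed)
    return {exc: dict(locs) for exc, locs in buckets.items()}


def unique_bug_count(buckets):
    return sum(len(locs) for locs in buckets.values())


def layout_paths(buckets):
    """Relative paths for the report folder: <exception>/<location>/<seed>."""
    return sorted(
        "%s/%s/%s" % (exc, loc, seed)
        for exc, locs in buckets.items()
        for loc, seeds in locs.items()
        for seed in seeds
    )


# Constructed sample traces (not real fuzzer output); the frames reuse
# crash locations that appear in the bug list on this page.
SAMPLE_TRACES = [
    ("seed-001.pdf",
     "java.lang.ArrayIndexOutOfBoundsException: Index 4 out of bounds for length 4\n"
     "\tat org.apache.fontbox.cff.CFFParser.readString(CFFParser.java:781)\n"
     "\tat org.apache.fontbox.cff.CFFParser.parseFont(CFFParser.java:486)\n"),
    ("seed-002.pdf",  # same crash site, different index -> duplicate of seed-001
     "java.lang.ArrayIndexOutOfBoundsException: Index 9 out of bounds for length 2\n"
     "\tat org.apache.fontbox.cff.CFFParser.readString(CFFParser.java:781)\n"),
    ("seed-003.pdf",  # JDK frame on top; the first library frame is the key
     "java.lang.IndexOutOfBoundsException: Index 2 out of bounds for length 2\n"
     "\tat java.base/java.util.ArrayList.get(ArrayList.java:427)\n"
     "\tat org.apache.pdfbox.cos.COSArray.getObject(COSArray.java:205)\n"),
    ("seed-004.pdf",  # nested class in the frame, no message on the first line
     "Exception in thread \"main\" java.lang.IllegalArgumentException\n"
     "\tat org.apache.fontbox.cff.CFFParser$DictData$Entry.getBoolean(CFFParser.java:1247)\n"),
]

if __name__ == "__main__":
    result = bucket_crashes(SAMPLE_TRACES)
    print("unique bugs:", unique_bug_count(result))
    for path in layout_paths(result):
        print(path)
```

On the four constructed traces this yields three buckets: seeds 001 and 002 collapse into one `readString` bug, the `COSArray.getObject` crash is keyed on the library frame rather than the `ArrayList.get` frame above it, and the nested-class frame produces the `CFFParser=DictData=Entry.getBoolean` name. Keying on the first library frame only is a deliberate trade-off: it over-merges distinct root causes that surface at one sanity check, so a second pass over the full trace is still worth doing before filing.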

### Bug full list
pdfbox_reported_crashes_latest
├── java.lang.ArrayIndexOutOfBoundsException
│   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-781
│   ├── org.apache.fontbox.cff.Type1CharString.seac--Type1CharString.java-484
│   ├── org.apache.fontbox.ttf.HorizontalMetricsTable.getAdvanceWidth--HorizontalMetricsTable.java-113
│   ├── org.apache.pdfbox.filter.CCITTFaxDecoderStream.decode2D--CCITTFaxDecoderStream.java-218
│   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser=ObjectNumbers.<init>--PDFXrefStreamParser.java-202
├── java.lang.ClassCastException
│   ├── org.apache.fontbox.cff.CFFParser.parseType1Dicts--CFFParser.java-765
│   ├── org.apache.fontbox.cmap.CMapParser.parseBeginbfrange--CMapParser.java-377
│   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│   ├── org.apache.pdfbox.pdmodel.font.PDFont.getAverageFontWidth--PDFont.java-402
│   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.<init>--PDType1CFont.java-101
│   └── org.apache.pdfbox.util.Matrix.<init>--Matrix.java-70
├── java.lang.IllegalArgumentException
│   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getBoolean--CFFParser.java-1247
│   ├── org.apache.fontbox.cff.CFFParser.readCharset--CFFParser.java-1042
│   ├── org.apache.fontbox.cff.CFFParser.readEncoding--CFFParser.java-808
│   ├── org.apache.fontbox.cff.Type1CharString.callothersubr--Type1CharString.java-383
│   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-319
│   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-54
│   ├── org.apache.pdfbox.cos.COSObjectKey.<init>--COSObjectKey.java-58
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createDescendantFont--PDFontFactory.java-128
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-100
│   ├── org.apache.pdfbox.pdmodel.font.PDFontFactory.createFont--PDFontFactory.java-104
│   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.<init>--PDType1Font.java-202
│   └── org.apache.pdfbox.util.Matrix.checkFloatValues--Matrix.java-300
├── java.lang.IllegalStateException
│   ├── org.apache.fontbox.cff.CFFCharsetCID.getSIDForGID--CFFCharsetCID.java-59
│   └── org.apache.pdfbox.pdmodel.PDPageTree.sanitizeType--PDPageTree.java-261
├── java.lang.IndexOutOfBoundsException
│   ├── org.apache.fontbox.cff.CFFParser=DictData=Entry.getNumber--CFFParser.java-1229
│   ├── org.apache.fontbox.cff.Type1CharString.handleType1Command--Type1CharString.java-292
│   ├── org.apache.fontbox.cff.Type2CharString.handleType2Command--Type2CharString.java-146
│   ├── org.apache.fontbox.util.BoundingBox.<init>--BoundingBox.java-65
│   ├── org.apache.pdfbox.contentstream.operator.text.SetTextLeading.process--SetTextLeading.java-37
│   └── org.apache.pdfbox.cos.COSArray.getObject--COSArray.java-205
├── java.lang.NegativeArraySizeException
│   └── org.apache.pdfbox.pdfparser.PDFXrefStreamParser.parse--PDFXrefStreamParser.java-123
├── java.lang.NullPointerException
│   ├── org.apache.fontbox.cff.CFFParser.parseFont--CFFParser.java-486
│   ├── org.apache.fontbox.cff.CFFParser.readString--CFFParser.java-779
│   ├── org.apache.fontbox.cmap.CMap.toInt--CMap.java-207
│   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│   ├── org.apache.fontbox.type1.Type1Parser.parseASCII--Type1Parser.java-125
│   ├── org.apache.fontbox.type1.Type1Parser.parseBinary--Type1Parser.java-530
│   ├── org.apache.fontbox.type1.Type1Parser.readEncoding--Type1Parser.java-210
│   ├── org.apache.fontbox.type1.Type1Parser.readOtherSubrs--Type1Parser.java-714
│   ├── org.apache.fontbox.type1.Type1Parser.readPostScriptWrapper--Type1Parser.java-423
│   ├── org.apache.fontbox.type1.Type1Parser.readProc--Type1Parser.java-458
│   ├── org.apache.fontbox.type1.Type1Parser.readProcVoid--Type1Parser.java-492
│   ├── org.apache.fontbox.type1.Type1Parser.read--Type1Parser.java-852
│   ├── org.apache.pdfbox.pdmodel.encryption.PDEncryption.getFilter--PDEncryption.java-159
│   ├── org.apache.pdfbox.pdmodel.font.PDSimpleFont.getStandard14Width--PDSimpleFont.java-327
│   ├── org.apache.pdfbox.pdmodel.font.PDTrueTypeFont.codeToGID--PDTrueTypeFont.java-549
│   ├── org.apache.pdfbox.pdmodel.font.PDType1CFont.codeToName--PDType1CFont.java-270
│   ├── org.apache.pdfbox.pdmodel.font.PDType1Font.codeToName--PDType1Font.java-552
│   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-321
│   ├── org.apache.pdfbox.pdmodel.font.PDType3Font.generateBoundingBox--PDType3Font.java-334
│   └── org.apache.pdfbox.pdmodel.font.PDType3Font.getCharProc--PDType3Font.java-373
├── java.lang.NumberFormatException
│   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-657
│   ├── org.apache.fontbox.cmap.CMapParser.parseNextToken--CMapParser.java-661
│   ├── org.apache.fontbox.type1.Token.floatValue--Token.java-112
│   ├── org.apache.fontbox.type1.Token.intValue--Token.java-107
│   └── org.apache.fontbox.type1.Type1Lexer.tryReadNumber--Type1Lexer.java-337
├── java.lang.StackOverflowError
│   ├── org.apache.pdfbox.cos.COSDictionary.getCOSArray--COSDictionary.java-593
│   ├── org.apache.pdfbox.cos.COSDictionary.getDictionaryObject--COSDictionary.java-178
│   ├── org.apache.pdfbox.cos.COSName.equals--COSName.java-738
│   ├── org.apache.pdfbox.io.RandomAccessReadBuffer.read--RandomAccessReadBuffer.java-217
│   ├── org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8--BaseParser.java-788
│   ├── org.apache.pdfbox.pdmodel.PDPageTree.getKids--PDPageTree.java-156
│   ├── org.apache.pdfbox.util.SmallMap.findKey--SmallMap.java-67
│   └── org.apache.pdfbox.util.SmallMap.get--SmallMap.java-126
└── java.nio.BufferUnderflowException
    ├── org.apache.fontbox.type1.Type1Lexer.getChar--Type1Lexer.java-93
    └── org.apache.fontbox.type1.Type1Lexer.readCharString--Type1Lexer.java-472

Any further discussion of these vulnerabilities, including fixes, is welcome, and we look forward to hearing from you.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
