You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Bruno P. Kinoshita (JIRA)" <ji...@apache.org> on 2018/02/10 10:17:13 UTC

[jira] [Commented] (IMAGING-215) ArrayIndexOutOfBoundsException in DhtSegment

    [ https://issues.apache.org/jira/browse/IMAGING-215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16359357#comment-16359357 ] 

Bruno P. Kinoshita commented on IMAGING-215:
--------------------------------------------

Hi [~floyd]

Thanks for reporting the issue, and for the interesting links. I've added a bookmark with a note to read the paper and have a look at the fuzzer used. But before that, confirmed we had the exception from an assignment that wasn't confirming the array length and the index given during the huffman table creation for the one segment.

Added a fix and unit test.

Cheers

Bruno

> ArrayIndexOutOfBoundsException in DhtSegment
> --------------------------------------------
>
>                 Key: IMAGING-215
>                 URL: https://issues.apache.org/jira/browse/IMAGING-215
>             Project: Commons Imaging
>          Issue Type: Bug
>          Components: Format: JPEG
>    Affects Versions: 1.0
>            Reporter: floyd
>            Assignee: Bruno P. Kinoshita
>            Priority: Major
>              Labels: security
>         Attachments: ArrayIndexOutOfBoundsException_DhtSegment_79.jpeg
>
>
> I simply ran the Kelinci AFL-based Java fuzzer with the common immaging as explained here (with better input files than the author, fuzzing is all about corpus data):
> [https://github.com/isstac/kelinci/tree/master/examples/commons-imaging]
> I found the following issue when parsing the attached file:
>  
> {code:java}
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
> 	at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment$HuffmanTable.<init>(DhtSegment.java:79)
> 	at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:173)
> 	at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:146)
> 	at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.visitSegment(JpegDecoder.java:219)
> 	at org.apache.commons.imaging.formats.jpeg.JpegUtils.traverseJFIF(JpegUtils.java:89)
> 	at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.decode(JpegDecoder.java:437)
> 	at org.apache.commons.imaging.formats.jpeg.JpegImageParser.getBufferedImage(JpegImageParser.java:97)
> 	at driver.Driver.main(Driver.java:23)
> {code}
> The rest is as described in the link, I also used commons-imaging-1.0-RC7.tar.gz
> The parser doesn't declare that an ArrayIndexOutOfBoundsException could be thrown.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)