search

LibrePDF / OpenPDF

OpenPDF is a free Java library for creating and editing PDF files, with a LGPL and MPL open source license. OpenPDF is based on a fork of iText. We welcome contributions from other developers. Please feel free to submit pull-requests and bugreports to this GitHub repository.
Other
3.59k stars 591 forks source link

List of bugs found in openPDF predecessor #875

Open Lonzak opened 1 year ago

Lonzak commented 1 year ago

There is a report of bugs found by some univercity students . Some might apply to OpenPDF as well. At least it is worth checking out. Another possibility would be to request another scan by these gyus...

Original Bug Report

The bug report folder can be downloaded from https://drive.google.com/drive/folders/1b38Mi8fKp05vzMbth1oiopFYNH92GWrK?usp=sharing

Total 56 bugs are reported in this pull request. A full list is provided below. Folder structure

Level 1 (folder): exception type
Level 2 (folder): error location
Level 3 (files): POC file and report.txt including reproducing steps

report.txt content:

Exception type
Error location
Bug cause and impact
Crash thread's stacks
Steps to reproduce

Bug full list

java.lang.ArrayIndexOutOfBoundsException
-- com.itextpdf.kernel.crypto.ARCFOUREncryption.encryptARCFOUR--ARCFOUREncryption.java-93
-- com.itextpdf.kernel.crypto.securityhandler.StandardHandlerUsingStandard128.computeOwnerKey--StandardHandlerUsingStandard128.java-81
-- com.itextpdf.kernel.pdf.PdfXrefTable.clear--PdfXrefTable.java-448
-- com.itextpdf.kernel.pdf.PdfXrefTable.get--PdfXrefTable.java-153
-- com.itextpdf.kernel.pdf.PdfXrefTable.initFreeReferencesList--PdfXrefTable.java-185
java.lang.ClassCastException
-- com.itextpdf.kernel.crypto.securityhandler.StandardHandlerUsingStandard40.initKeyAndReadDictionary--StandardHandlerUsingStandard40.java-193
-- com.itextpdf.kernel.pdf.PdfDocument.open--PdfDocument.java-1958
-- com.itextpdf.kernel.pdf.PdfEncryption.readAndSetCryptoModeForStdHandler--PdfEncryption.java-531
-- com.itextpdf.kernel.pdf.PdfEncryption.readAndSetCryptoModeForStdHandler--PdfEncryption.java-534
-- com.itextpdf.kernel.pdf.PdfReader.readObject--PdfReader.java-1344
java.lang.NegativeArraySizeException
-- com.itextpdf.kernel.pdf.PdfXrefTable.extendXref--PdfXrefTable.java-598
java.lang.NullPointerException
-- com.itextpdf.kernel.crypto.securityhandler.StandardHandlerUsingStandard40.initKeyAndReadDictionary--StandardHandlerUsingStandard40.java-194
-- com.itextpdf.kernel.crypto.securityhandler.StandardSecurityHandler.getIsoBytes--StandardSecurityHandler.java-94
-- com.itextpdf.kernel.pdf.PdfArray.get--PdfArray.java-374
-- com.itextpdf.kernel.pdf.PdfObjectWrapper.markObjectAsIndirect--PdfObjectWrapper.java-141
-- com.itextpdf.kernel.pdf.PdfReader.getOriginalFileId--PdfReader.java-669
-- com.itextpdf.kernel.pdf.PdfReader.readDecryptObj--PdfReader.java-1287
-- com.itextpdf.kernel.pdf.PdfReader.readObject--PdfReader.java-1344
-- com.itextpdf.kernel.pdf.PdfReader.readObjectStream--PdfReader.java-738
-- com.itextpdf.kernel.pdf.PdfReader.readObjectStream--PdfReader.java-739
-- com.itextpdf.kernel.pdf.PdfReader.readObjectStream--PdfReader.java-740
-- com.itextpdf.kernel.pdf.PdfReader.readObjectStream--PdfReader.java-773
-- com.itextpdf.kernel.pdf.PdfReader.readObjectStream--PdfReader.java-792
java.lang.NumberFormatException
-- com.itextpdf.io.source.PdfTokenizer.getIntValue--PdfTokenizer.java-512
-- com.itextpdf.io.source.PdfTokenizer.nextValidToken--PdfTokenizer.java-314
-- com.itextpdf.io.source.PdfTokenizer.nextValidToken--PdfTokenizer.java-315
java.lang.OutOfMemoryError
-- com.itextpdf.kernel.pdf.PdfReader.readStreamBytesRaw--PdfReader.java-391
-- com.itextpdf.kernel.pdf.PdfXrefTable.extendXref--PdfXrefTable.java-598
java.lang.StackOverflowError
-- com.itextpdf.io.source.ByteBuffer.append--ByteBuffer.java-110
-- com.itextpdf.io.source.PdfTokenizer.getStringValue--PdfTokenizer.java-187
-- com.itextpdf.io.source.PdfTokenizer.nextToken--PdfTokenizer.java-341
-- com.itextpdf.io.source.PdfTokenizer.nextToken--PdfTokenizer.java-343
-- com.itextpdf.io.source.PdfTokenizer.nextToken--PdfTokenizer.java-361
-- com.itextpdf.io.source.PdfTokenizer.nextToken--PdfTokenizer.java-377
-- com.itextpdf.io.source.PdfTokenizer.nextToken--PdfTokenizer.java-413
-- com.itextpdf.io.source.PdfTokenizer.nextToken--PdfTokenizer.java-452
-- com.itextpdf.io.source.PdfTokenizer.nextToken--PdfTokenizer.java-469
-- com.itextpdf.io.source.PdfTokenizer.nextValidToken--PdfTokenizer.java-271
-- com.itextpdf.io.source.PdfTokenizer.nextValidToken--PdfTokenizer.java-300
-- com.itextpdf.io.source.PdfTokenizer.nextValidToken--PdfTokenizer.java-306
-- com.itextpdf.io.source.PdfTokenizer.nextValidToken--PdfTokenizer.java-314
-- com.itextpdf.io.source.RandomAccessFileOrArray.read--RandomAccessFileOrArray.java-138
-- com.itextpdf.io.util.MessageFormatUtil.format--MessageFormatUtil.java-55
-- com.itextpdf.kernel.pdf.PdfDictionary.putAll--PdfDictionary.java-333
-- com.itextpdf.kernel.pdf.PdfName.compareTo--PdfName.java-1003
-- com.itextpdf.kernel.pdf.PdfNumber.generateValue--PdfNumber.java-180
-- com.itextpdf.kernel.pdf.PdfReader.readArray--PdfReader.java-944
-- com.itextpdf.kernel.pdf.PdfReader.readDictionary--PdfReader.java-923
-- com.itextpdf.kernel.pdf.PdfReader.readObject--PdfReader.java-1336
-- com.itextpdf.kernel.pdf.PdfReader.readObject--PdfReader.java-1344
-- com.itextpdf.kernel.pdf.PdfReader.readObject--PdfReader.java-801
-- com.itextpdf.kernel.pdf.PdfReader.readObject--PdfReader.java-845
-- com.itextpdf.kernel.pdf.PdfReader.readPdfName--PdfReader.java-912
-- com.itextpdf.kernel.pdf.PdfReader.readReference--PdfReader.java-817
-- com.itextpdf.kernel.pdf.PdfReader.readReference--PdfReader.java-834
java.lang.StringIndexOutOfBoundsException
-- com.itextpdf.io.source.PdfTokenizer.checkPdfHeader--PdfTokenizer.java-239
kandadishiva commented 1 month ago

@asturio @Lonzak @daviddurand Do we have these bugs in OpenPDF? If they are present, have all of them been fixed? If so, in which version were they resolved?