search

unidoc / unipdf

Golang PDF library for creating and processing PDF files (pure go)
https://unidoc.io
Other
2.54k stars 250 forks source link

[BUG] ccittfax.seekChangingElem - panic: runtime error: index out of range [-1] #314

Closed gunnsth closed 4 years ago

gunnsth commented 4 years ago

Description

A crash was discovered while fuzzing.

Expected Behavior

Expect fuzz function to execute through without crashes or timeouts.

Actual Behavior

Steps to reproduce the behavior:

  1. Run the fuzz function on the provided snippet.
  2. View crash message.
Unlicensed copy of unidoc
To get rid of the watermark - Please get a license on https://unidoc.io
panic: runtime error: index out of range [-1]

goroutine 1 [running]:
github.com/unidoc/unipdf/v3/internal/ccittfax.seekChangingElem(0xc000529880, 0x2c2, 0x380, 0xfffffffffffffffe, 0x1)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/internal/ccittfax/encoder.go:425 +0x1bc
github.com/unidoc/unipdf/v3/internal/ccittfax.seekB12D(0x0, 0x0, 0x0, 0xc000529880, 0x2c2, 0x380, 0xfffffffffffffffe, 0x600, 0x0)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/internal/ccittfax/encoder.go:451 +0x71
github.com/unidoc/unipdf/v3/internal/ccittfax.decodeVerticalMode(0xc00016c600, 0x3a, 0x40, 0x0, 0x0, 0x0, 0x1000, 0xfffffffffffffffe, 0x3, 0x0, ...)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/internal/ccittfax/decode.go:387 +0xb3
github.com/unidoc/unipdf/v3/internal/ccittfax.(*Encoder).decodeG4(0xc000151d00, 0xc000510000, 0x1b57, 0x1b57, 0x7f42c9420108, 0xc000000180, 0x7, 0x1, 0x118)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/internal/ccittfax/decode.go:348 +0xa6d
github.com/unidoc/unipdf/v3/internal/ccittfax.(*Encoder).Decode(0xc000151d00, 0xc000510000, 0x1b57, 0x1b57, 0x4219b5, 0xc0005091a0, 0x7f42a052b4d3, 0x118f204, 0x11a)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/internal/ccittfax/decode.go:98 +0x143
github.com/unidoc/unipdf/v3/core.(*CCITTFaxEncoder).DecodeBytes(0xc000501320, 0xc000510000, 0x1b57, 0x1b57, 0x40e128, 0x10, 0x9d4f60, 0x11a, 0x11b)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/core/encoding.go:1913 +0xfd
github.com/unidoc/unipdf/v3/core.(*CCITTFaxEncoder).DecodeStream(0xc000501320, 0xc000061ec0, 0xd, 0xc0005091a0, 0x1, 0x1, 0xc0003b9e01)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/core/encoding.go:1949 +0x67
github.com/unidoc/unipdf/v3/core.DecodeStream(0xc000061ec0, 0x2, 0xb277e0, 0xc000061ec0, 0x0, 0x0)
        /go/pkg/mod/github.com/unidoc/unipdf/v3@v3.6.2-0.20200416143234-61ff51916a36/core/stream.go:94 +0x287
unipdf-fuzz.fuzzProbeObjects(0x7f42a058b000, 0x45fc, 0x45fc, 0x1)
        /fuzz/fuzz.go:87 +0x32a
unipdf-fuzz.Fuzz(0x7f42a058b000, 0x45fc, 0x45fc, 0x4)
        /fuzz/fuzz.go:130 +0xb9
go-fuzz-dep.Main(0xc000151f70, 0x1, 0x1)
        go-fuzz-dep/main.go:36 +0x1ad
main.main()
        unipdf-fuzz/go.fuzz.main/main.go:15 +0x52
exit status 2

Attachments

PDF from fuzz corpus: 4c50f46176f9b8a2f5c454e6a980c582b5323099 Code: fuzz.go