Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- None
Description
The encodeQuotedPrintable() method takes in a random byte array and processes it. If the provided strict boolean is true, it will go into the first branch. There is a for loop to loop through the byte array from the index 0 to the index byte.length - 3. The index is then used directly in the getUnsignedOctet method. If the length of the byte array is less than 3, it will result in a negative index and cause an ArrayIndexOutOfBoundsException in the getUnsignedOctet() method call.
A possible fix could add a conditional check to ensure the index is never negative. It will simply return null if the byte array is too short (with a length less than 3) if the strict value is true.
We found this bug using fuzzing by way of OSS-Fuzz. It is reported at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64358.
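The failure mode described above, as an added example that is not the project's code: a simplified model of the strict branch, run over constructed inputs of length 0 to 4, next to the guard the report proposes. The class name, the two encodeStrict* methods and the assumption that the tail is read starting at index bytes.length - 3 are hypothetical; the model copies octets instead of encoding them.

```java
import java.io.ByteArrayOutputStream;

public class StrictShortInputDemo {

    // Stand-in for the helper named in the report: returns one octet as 0..255.
    // A negative index throws ArrayIndexOutOfBoundsException here.
    static int getUnsignedOctet(int index, byte[] bytes) {
        return bytes[index] & 0xFF;
    }

    // Simplified model of the strict branch (assumption, not the project's code):
    // the body loop stops at length - 3 and the tail is read from length - 3 on.
    static byte[] encodeStrictUnguarded(byte[] bytes) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int i = 0; i < bytes.length - 3; i++) {
            out.write(getUnsignedOctet(i, bytes));
        }
        for (int i = bytes.length - 3; i < bytes.length; i++) {
            out.write(getUnsignedOctet(i, bytes)); // i is negative when length < 3
        }
        return out.toByteArray();
    }

    // Guard proposed in the report: return null when the input is shorter than 3.
    static byte[] encodeStrictGuarded(byte[] bytes) {
        if (bytes == null || bytes.length < 3) {
            return null;
        }
        return encodeStrictUnguarded(bytes);
    }

    public static void main(String[] args) {
        // Constructed inputs around the length boundary that triggers the bug.
        for (int len = 0; len <= 4; len++) {
            byte[] input = new byte[len];
            String unguarded;
            try {
                unguarded = encodeStrictUnguarded(input).length + " bytes";
            } catch (ArrayIndexOutOfBoundsException e) {
                unguarded = "ArrayIndexOutOfBoundsException: " + e.getMessage();
            }
            byte[] guarded = encodeStrictGuarded(input);
            System.out.printf("len=%d unguarded=[%s] guarded=[%s]%n", len, unguarded,
                    guarded == null ? "null" : guarded.length + " bytes");
        }
    }
}
```

Callers of the guarded variant have to handle a null return for inputs shorter than three bytes.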