Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 1.0-alpha1
Description
I simply ran the Kelinci AFL-based Java fuzzer with Commons Imaging as explained here (with better input files than the author; fuzzing is all about corpus data):
https://github.com/isstac/kelinci/tree/master/examples/commons-imaging
I found the following issue when parsing the attached file:
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 0
    at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment$HuffmanTable.<init>(DhtSegment.java:79)
    at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:173)
    at org.apache.commons.imaging.formats.jpeg.segments.DhtSegment.<init>(DhtSegment.java:146)
    at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.visitSegment(JpegDecoder.java:219)
    at org.apache.commons.imaging.formats.jpeg.JpegUtils.traverseJFIF(JpegUtils.java:89)
    at org.apache.commons.imaging.formats.jpeg.decoder.JpegDecoder.decode(JpegDecoder.java:437)
    at org.apache.commons.imaging.formats.jpeg.JpegImageParser.getBufferedImage(JpegImageParser.java:97)
    at driver.Driver.main(Driver.java:23)
The rest is as described in the link; I also used commons-imaging-1.0-RC7.tar.gz.
The parser doesn't declare that an ArrayIndexOutOfBoundsException could be thrown.
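
An added example, not code from the reporter, Kelinci or Commons Imaging: a triage driver for saved fuzzer outputs that separates clean rejections (the declared exceptions) from undeclared runtime failures such as the one in this report. The class name `TriageDriver` and its structure are hypothetical; it assumes the `Imaging.getBufferedImage(byte[])` entry point of Commons Imaging 1.0-alpha1, which declares `ImageReadException` and `IOException`.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

import org.apache.commons.imaging.ImageReadException;
import org.apache.commons.imaging.Imaging;

// Hypothetical triage driver: name and structure are assumptions,
// not part of Kelinci or Commons Imaging.
public class TriageDriver {

    enum Outcome { PARSED, REJECTED, FINDING }

    // Classify one input. Declared exceptions mean the parser rejected the
    // file through its documented error path; any other RuntimeException is
    // an undeclared failure that callers will not have a handler for.
    static Outcome classify(byte[] data) {
        try {
            Imaging.getBufferedImage(data);
            return Outcome.PARSED;
        } catch (ImageReadException | IOException declared) {
            return Outcome.REJECTED;
        } catch (RuntimeException undeclared) {
            // Report the exception and its throw site (top stack frame)
            // so duplicate crashes can be grouped.
            StackTraceElement[] st = undeclared.getStackTrace();
            System.err.println("  " + undeclared
                    + (st.length > 0 ? " at " + st[0] : ""));
            return Outcome.FINDING;
        }
    }

    // Usage: java TriageDriver <file>... (files saved by the fuzzer)
    public static void main(String[] args) throws IOException {
        int findings = 0;
        for (String name : args) {
            Path file = Paths.get(name);
            Outcome o = classify(Files.readAllBytes(file));
            System.out.println(o + "\t" + file);
            if (o == Outcome.FINDING) {
                findings++;
            }
        }
        // Non-zero exit lets a CI job fail when a saved input regresses.
        System.exit(findings == 0 ? 0 : 1);
    }
}
```

`Error` subclasses such as `OutOfMemoryError` are deliberately not caught, so they still terminate the run and show up as crashes.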