[
https://issues.apache.org/jira/browse/PDFBOX-6055?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18016809#comment-18016809
]
Tim Allison commented on PDFBOX-6055:
-------------------------------------
Oh. Thank you. I'll update that.
If the AFMParser is only run on trusted data, e.g. on the fonts in
{{{}resources/o.a.pdfbox.resources.afm{}}}, then, I agree that we should get
rid of that.
If it is ever used on untrusted user data, I think we should include it.
For example, this runtime should probably be an IOException ("Unexpected end of
CharMetric object")?
{noformat}
== Java Exception: java.util.NoSuchElementException at
java.base/java.util.StringTokenizer.nextToken(StringTokenizer.java:347) at
org.apache.fontbox.afm.AFMParser.parseCharMetric(AFMParser.java:681) at
org.apache.fontbox.afm.AFMParser.parseCharMetrics(AFMParser.java:641) at
org.apache.fontbox.afm.AFMParser.parseFontMetric(AFMParser.java:438) at
org.apache.fontbox.afm.AFMParser.parse(AFMParser.java:311) at
com.example.AFMParserFuzzer.fuzzerTestOneInput(AFMParserFuzzer.java:34)
{noformat}
> Expand coverage in oss-fuzz
> ---------------------------
>
> Key: PDFBOX-6055
> URL: https://issues.apache.org/jira/browse/PDFBOX-6055
> Project: PDFBox
> Issue Type: Task
> Reporter: Tim Allison
> Priority: Minor
> Attachments: image-2025-08-27-11-54-57-286.png
>
>
> As part of DARPA's AIxCC program, I developed several oss-fuzz harnesses in
> our private fork. I'd like to contribute those.
> Since the competition completed, I've added a few more harnesses and tried to
> improve seed coverage.
> This is the draft PR: [https://github.com/google/oss-fuzz/pull/13873]
> Please take a look and let me know what you think.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: dev-h...@pdfbox.apache.org
