-
Notifications
You must be signed in to change notification settings - Fork 113
Bug trophy case
Rohan Padhye edited this page Dec 8, 2017
·
26 revisions
This is an incomplete list of the bugs found using JQF. Feel free to add to this list if you find more bugs in open-source projects using JQF.
- CVE-????: Partial denial-of-service vulnerability in OpenJDK 9
- Confirmed by Oracle and pending fix
- JDK-8190332: PngReader throws NegativeArraySizeException when width is too large
- JDK-8190511: PngReader throws OutOfMemoryError for very small malformed PNGs
- JDK-8190512: PngReader throws undocumented IllegalArgumentException: "Empty Region" instead of IOException for malformed images with negative dimensions
- JDK-8190997: PngReader throws NullPointerException when PLTE section is missing
- JDK-8191023: PngReader throws NegativeArraySizeException in parse_tEXt_chunk when keyword length exceeeds chunk size
- JDK-8191076: PngReader throws NegativeArraySizeException in parse_zTXt_chunk when keyword length exceeds chunk size
- JDK-8191109: PngReader throws NegativeArraySizeException in parse_iCCP_chunk when keyword length exceeds chunk size
- JDK-8191174: PngReader throws undocumented llegalArgumentException with message "Pixel stride times width must be <= scanline stride"
- JDK-8191073: JpegImageReader throws IndexOutOfBoundsException when reading malformed header
- (under review): SimpleDateFormat throws ArrayIndexOutOfBoundsException in subFormat()
- COMPRESS-424: BZip2CompressorInputStream throws ArrayIndexOutOfBoundsException(s) when decompressing malformed input
The source code examples in the wiki pages can be freely re-used under the same license as the rest of JQF.