Possible fix for https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38486

2024-11-09 20:44:03 -08:00 · 2021-09-11 08:56:09 -05:00 · 2021-09-11 08:56:09 -05:00 · f5ef61ec13
parent 91a423b050
commit f5ef61ec13
1 changed files with 10 additions and 2 deletions
--- a/core/src/main/java/com/google/zxing/pdf417/decoder/DecodedBitStreamParser.java
+++ b/core/src/main/java/com/google/zxing/pdf417/decoder/DecodedBitStreamParser.java
@ -180,8 +180,16 @@ final class DecodedBitStreamParser {
      segmentIndexArray[i] = codewords[codeIndex];
    }
    String segmentIndexString = decodeBase900toBase10(segmentIndexArray, NUMBER_OF_SEQUENCE_CODEWORDS);
-    int segmentIndex = segmentIndexString.isEmpty() ? 0 : Integer.parseInt(segmentIndexString);
-    resultMetadata.setSegmentIndex(segmentIndex);
+    if (segmentIndexString.isEmpty()) {
+      resultMetadata.setSegmentIndex(0);
+    } else {
+      try {
+        resultMetadata.setSegmentIndex(Integer.parseInt(segmentIndexString));
+      } catch (NumberFormatException nfe) {
+        // too large; bad input?
+        throw FormatException.getFormatInstance();
+      }
+    }

    // Decoding the fileId codewords as 0-899 numbers, each 0-filled to width 3. This follows the spec
    // (See ISO/IEC 15438:2015 Annex H.6) and preserves all info, but some generators (e.g. TEC-IT) write