3 "fuzzed" PDF files crash PDF-Xchange Viewer Version 2.5

[RussellJ]

As part of a "homework" assignment for Udacity.com's hands-on Software Testing: How to Make Software Fail course, I programatically (in Python) "fuzzed" (randomly changed a random number of bytes of) several 100 PDF files, and tried opening them with the latest versions of 4 different PDF readers.

PDF-Xchange Viewer Version 2.5 (Build 315.0), (Sep 9 2015; 07:52:38) -- both the Portable version (ZIP) | 8 MB from Tracker Software Downloads and the PortableApps.com version -- crashed on 3 of the files.
(2 of the 3 files are merely 2 differently-fuzzed variants of 1 original PDF file.)

None of the 3 other PDF readers crashed on any of the 3 files, but only FoxIt was able to open any of them:

• 1. FoxIt(R) Reader Version 7.2.8.1124 opened 1 of the files, but gave "Format error: Not a PDF or corrupted." on the other 2.
  Although FoxIt opened the 1 file, Page 4 (of 90) was the only page which displayed anything.
  
  2. Adobe(R) Reader XI (11.0.13) gave "There was an error opening this document. There was a problem reading this document (14)" on the 1 file, and "There was an error opening this document. The root object is missing or invalid." on the other 2.
  
  3. Sumatra 3.1.1 PDF Reader (portable) gave "Error loading XYZ.pdf" {where "XYZ" is the filename} for all 3 files.

Before fuzzing, the one file (202KB) identifies its PDF Version as PDF-1.2 and its Producer as ESP Ghostscript 7.07. For the other 2 (519 KB each), the PDF Version is PDF-1.3 and the Producer is GNU Ghostscript 7.07.

The course instructor encouraged us to report any bugs we found.

Should I:

• 1. Try creating a crash dump (as explained at How do I create a crash dump file and send it to Tracker-Software for investigation??
  
  2. Send my crash-causing files and a crash dump to support@pdf-xchange.com?
  Or upload it to Tracker Software's FTP Server (as explained at How do I upload a file to Tracker Software's FTP server??

{I'm using Windows 7 Home Premium 64-bit SP1.}

Thank you.

- Russell J.
- PA

[Will - Tracker Supp]

Hi Russel,

Thanks for the post - the Viewer has been replaced by the Editor and is no longer supported, so please try the Editor:
https://www.pdf-xchange.com/PDFXVE5.zip

If that doesn't help, please send us a copy of the documents and please also explain what you mean by "fuzzed," as I'm not familiar with the term.

Thanks,

[RussellJ]

Will,

Thanks for your helpful reply.

I hadn't realized that the PDF X-Change Viewer had been replaced by the PDF X-Change Editor.
I had been using the portable PDF X-Change Viewer version that's available through PortableApps.com.
I much prefer it to Adobe Reader.

Thank you for making the fuller-featured PDX X-Change Editor available for free as well.
I think I'll enjoy using it.

I tried PDF X-Change Editor on the same 3 files, and it opened 2 of them fine but crashed on the other one.

I did some more checking, and found out which of my changes caused the crash. Here is the original file (which PDF X-Change Editor can open OK) and a modified version of it with only 1 byte changed (which crashes PDF X-Change Editor).

FYI - Acc. to Wikipedia:

Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks. Fuzzing is commonly used to test for security problems in software or computer systems. It is a form of random testing which has been used for testing hardware or software....

Here (attached) is a ZIP file of the 2 files and a screenshot of a WinMerge comparison of them.

- Russell J.

[RussellJ]

Here's a more helpful screenshot -- showing the difference in the HxD - Hex Editor.

It more clearly shows which byte is changed and how.

[RussellJ]

Here's another pair of files where the 1st one () and 2nd one () differ only by 1 character byte,
along with a screenshot of their differences.

Oops! Your system said that my .zip file was too big.

Here's a screenshot of the differences beween the 2 files.

If you want to see the files (1,066 KB each), maybe I can get them to you some other way.

[Stefan - PDF-XChange]

Hello RussellJ,

The website should allow attachments up to 5MB ... so if your files are really around 1 MB each - they should attach properly, so please do try once again.

Regards,
Stefan

[RussellJ]

I rebooted, and it still gives me an error with a 2,025KB Zip file (containing the 2 files and screenshot).

Here's the 1st raw (un-fuzzed) PDF file.

[RussellJ]

Here's the other PDF file -- the fuzzed (only 1 byte changed).

[Stefan - PDF-XChange]

Hi Russel,

Thanks for the files. Managed to reproduce the issue with the "fuzzed" one, and am asking our devs to take a look. Given the time of the year - it might take us a bit longer to follow up on this properly, but we are working on it already.

Happy Holidays!
Stefan

[Stefan - PDF-XChange]

Hi RussellJ,

Just a quick update- we tested the file with a pre-release of build 316 of the Editor, and the file doesn't cause problems there - so it seems like the issue is already taken care of.

Regards,
Stefan

[RussellJ]

I just wanted to confirm that it looks like your latest version of PDF-XChange Editor (5.5.316.1) is working great!

Over the night of January 19 (and into the morning of January 20), I ran tests with 2,000 iterations for each of 6 PDF readers: Adobe Acrobat Reader DC, Evince, FoxitReader, Sumatara PDF, and the OLD versions of both PDFXCView and PDFXEdit.
In those tests, the OLD version of PDFXCView crashed 2 times (0.1%) out of 2,000 and the OLD version of PDFXEdit crashed 562 times (28%) out of 2,000.
At that time, it seemed that PDFXedit wasn't nearly as stable as PDFXCView.

But just a few days later, over the night of January 21 (and into the morning of January 22), I ran similar tests with the new versions of PDFXCView (2.5.316.1) and PDFXEdit (5.5.316.1).
This time, PDFXCView (which you no longer support) still crashed 2 times, but PDFXEdit did NOT crash at all.
(The only other repeatable crashes this time were 9 with Evince -- a free open-source "document viewer" that supports PDF, Postscript, Multi-Page TIFF, DVI, and DjVu document formats.)

Thanks for making PDFXEdit freely available.

[Will - Tracker Supp]

Hi Russel,

That's great to hear, thanks for the update and kind words