PDFBox / PDFBOX-4623

COSParser: Infinite recursion


    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.0.16
    • Fix Version/s: 3.0.0 PDFBox
    • Component/s: Parsing
    • Labels:
      None
    • Environment:
      java version "12" 2019-03-19
      Java(TM) SE Runtime Environment (build 12+33)
      Java HotSpot(TM) 64-Bit Server VM (build 12+33, mixed mode, sharing)

      MacOS Mojave

      Description

      Parsing an invalid PDF can lead to an infinite recursion in COSParser, which results in a StackOverflowError.

      Steps to repro

      1. Download malformed PDF (attached)
      2. Run: java -jar pdfbox-app-2.0.16.jar ExtractText infinite-recursion.pdf

      Stacktrace

      Exception in thread "main" java.lang.StackOverflowError [1005/1916]
       at java.base/sun.nio.cs.UTF_8.updatePositions(UTF_8.java:79)
       at java.base/sun.nio.cs.UTF_8$Decoder.xflow(UTF_8.java:210)
       at java.base/sun.nio.cs.UTF_8$Decoder.decodeArrayLoop(UTF_8.java:321)
       at java.base/sun.nio.cs.UTF_8$Decoder.decodeLoop(UTF_8.java:414)
       at java.base/java.nio.charset.CharsetDecoder.decode(CharsetDecoder.java:578)
       at java.base/java.nio.charset.CharsetDecoder.decode(CharsetDecoder.java:801)
       at org.apache.pdfbox.pdfparser.BaseParser.isValidUTF8(BaseParser.java:787)
       at org.apache.pdfbox.pdfparser.BaseParser.parseCOSName(BaseParser.java:768)
       at org.apache.pdfbox.pdfparser.BaseParser.parseDirObject(BaseParser.java:887)
       at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryValue(BaseParser.java:154)
       at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionaryNameValuePair(BaseParser.java:283)
       at org.apache.pdfbox.pdfparser.BaseParser.parseCOSDictionary(BaseParser.java:216)
       at org.apache.pdfbox.pdfparser.BaseParser.parseDirObject(BaseParser.java:867)
       at org.apache.pdfbox.pdfparser.COSParser.parseFileObject(COSParser.java:912)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:881)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:801)
       at org.apache.pdfbox.pdfparser.COSParser.getLength(COSParser.java:1055)
       at org.apache.pdfbox.pdfparser.COSParser.parseCOSStream(COSParser.java:1114)
       at org.apache.pdfbox.pdfparser.COSParser.parseFileObject(COSParser.java:920)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:881)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:801)
       at org.apache.pdfbox.pdfparser.COSParser.getLength(COSParser.java:1055)
       at org.apache.pdfbox.pdfparser.COSParser.parseCOSStream(COSParser.java:1114)
       at org.apache.pdfbox.pdfparser.COSParser.parseFileObject(COSParser.java:920)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:881)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:801)
       at org.apache.pdfbox.pdfparser.COSParser.getLength(COSParser.java:1055)
       at org.apache.pdfbox.pdfparser.COSParser.parseCOSStream(COSParser.java:1114)
       at org.apache.pdfbox.pdfparser.COSParser.parseFileObject(COSParser.java:920)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:881)
       at org.apache.pdfbox.pdfparser.COSParser.parseObjectDynamically(COSParser.java:801)
       at org.apache.pdfbox.pdfparser.COSParser.getLength(COSParser.java:1055)
       at org.apache.pdfbox.pdfparser.COSParser.parseCOSStream(COSParser.java:1114)
       ...
      

      The file was generated by fuzzing and is (probably) not a valid PDF file.
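
The repeating frames in the trace (parseCOSStream → getLength → parseObjectDynamically → parseFileObject → parseCOSStream) show that resolving a stream's length re-enters parsing of an object that is already being parsed. The following is an added example, not PDFBox code and not the fix applied for this issue: a re-entrancy guard for that pattern on a toy object table. The class, method and field names are hypothetical, and the assumption that the length is reached through a chain of indirect references is taken from the trace only.

```java
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Toy model (not PDFBox code): a stream object's /Length is either a direct
// number or an indirect reference to another object number.
public class LengthCycleGuard {
    private final Map<Integer, Long> directLength;  // objNum -> literal length
    private final Map<Integer, Integer> lengthRef;  // objNum -> referenced objNum
    // Object numbers whose length resolution is currently on the call stack.
    private final Set<Integer> inProgress = new HashSet<>();

    LengthCycleGuard(Map<Integer, Long> directLength, Map<Integer, Integer> lengthRef) {
        this.directLength = directLength;
        this.lengthRef = lengthRef;
    }

    /** Resolves the length of objNum and rejects reference cycles instead of recursing forever. */
    long resolveLength(int objNum) {
        Long direct = directLength.get(objNum);
        if (direct != null) {
            return direct;
        }
        Integer ref = lengthRef.get(objNum);
        if (ref == null) {
            throw new IllegalStateException("object " + objNum + " has no /Length");
        }
        // add() returns false when objNum is already being resolved: a cycle.
        if (!inProgress.add(objNum)) {
            throw new IllegalStateException("cyclic /Length reference at object " + objNum);
        }
        try {
            return resolveLength(ref);
        } finally {
            inProgress.remove(objNum); // keep the guard accurate for later, unrelated lookups
        }
    }

    public static void main(String[] args) {
        // Constructed sample table: 1 -> 2 -> 7 bytes; objects 3 and 4 reference each other.
        LengthCycleGuard parser = new LengthCycleGuard(
                Map.of(2, 7L),
                Map.of(1, 2, 3, 4, 4, 3));
        System.out.println("object 1 length: " + parser.resolveLength(1));
        try {
            parser.resolveLength(3);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Failing with a checked, catchable error matters here because a StackOverflowError is an Error, which callers that only catch IOException or Exception around parsing will not handle.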

       

        Attachments

        1. poppler-91414-1.zip-2.gz-53.pdf
          0.7 kB
          Tilman Hausherr
        2. poppler-43279-0.pdf
          6 kB
          Tilman Hausherr
        3. loop_in_page_tree.pdf
          0.7 kB
          Tim Allison
        4. infinite-recursion.pdf
          1 kB
          Alex Rebert


              People

              • Assignee:
                lehmi Andreas Lehmkühler
                Reporter:
                apr Alex Rebert