[PDFBOX-4999] Dangerous COSDictionary.addAll(COSDictionary) method - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.0.21, 3.0.0 PDFBox
Fix Version/s: 2.0.22, 3.0.0 PDFBox
Component/s: None
Labels:
None

External issue URL:
https://stackoverflow.com/a/64502740/1729265

Description

The method COSDictionary.addAll(COSDictionary) creates the impression, by name and by JavaDoc comment,

/**
 * This will add all of the dictionaries keys/values to this dictionary.
...

that it can be used for exactly that, adding all key/value pairs from the argument dictionary to the current one, replacing old entries for the same keys.
If one looks at the implementation, though, one is in for a surprise:

/**
 * This will add all of the dictionaries keys/values to this dictionary.
 * Only called when adding keys to a trailer that already exists.
 *
 * @param dic The dictionaries to get the keys from.
 */
public void addAll(COSDictionary dic)
{
    dic.forEach((key, value) ->
    {
        /*
         * If we're at a second trailer, we have a linearized pdf file, meaning that the first Size entry represents
         * all of the objects so we don't need to grab the second.
         */
        if (!COSName.SIZE.equals(key) || !items.containsKey(COSName.SIZE))
        {
            setItem(key, value);
        }
    });
}

Here existing Size entries explicitly are not replaced!

This appears to be a relic from times when PDFBox parsed PDF documents front to back, ignoring cross reference streams, for improved results with linearized files when merging trailer dictionaries.

Nowadays this exceptional treatment of Size does not make any sense anymore, see this stack overflow answer.

Furthermore, this method is used in other contexts than creating trailer unions, even some PDFBox methods use it to create arbitrary dictionary unions:

org.apache.pdfbox.pdmodel.PDDocument.assignAcroFormDefaultResource(PDAcroForm, COSDictionary)
org.apache.pdfbox.filter.JPXFilter.decode(InputStream, OutputStream, COSDictionary, int, DecodeOptions)
org.apache.pdfbox.examples.interactive.form.FieldTriggers.main(String[])
org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject.PDImageXObject(PDStream, PDResources)
org.apache.pdfbox.pdmodel.graphics.image.PDInlineImage.PDInlineImage(COSDictionary, byte[], PDResources)
org.apache.pdfbox.pdmodel.graphics.image.PDInlineImageTest.testInlineImage()
org.apache.pdfbox.pdfparser.XrefTrailerResolver.setStartxref(long)

(This list is offered by eclipse as callers of that method. There may be other, hidden calls.)

Thus, this exception should be removed after all usages of that method in PDFBox have been analyzed.

Attachments

Issue Links

links to

Stack Overflow - Why does the trailer object report a previous value for the “Size” entry?

Activity

People

Assignee:: Andreas Lehmkühler

Reporter:: Michael Klink

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/Oct/20 15:30

Updated:: 20/Dec/20 18:48

Resolved:: 04/Dec/20 07:23