Uploaded image for project: 'PDFBox'
  1. PDFBox
  2. PDFBOX-4999

Dangerous COSDictionary.addAll(COSDictionary) method



    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 2.0.21, 3.0.0 PDFBox
    • Fix Version/s: 2.0.22, 3.0.0 PDFBox
    • Component/s: None
    • Labels:


      The method COSDictionary.addAll(COSDictionary) creates the impression, by name and by JavaDoc comment,

       * This will add all of the dictionaries keys/values to this dictionary.

      that it can be used for exactly that, adding all key/value pairs from the argument dictionary to the current one, replacing old entries for the same keys.
      If one looks at the implementation, though, one is in for a surprise:

       * This will add all of the dictionaries keys/values to this dictionary.
       * Only called when adding keys to a trailer that already exists.
       * @param dic The dictionaries to get the keys from.
      public void addAll(COSDictionary dic)
          dic.forEach((key, value) ->
               * If we're at a second trailer, we have a linearized pdf file, meaning that the first Size entry represents
               * all of the objects so we don't need to grab the second.
              if (!COSName.SIZE.equals(key) || !items.containsKey(COSName.SIZE))
                  setItem(key, value);

      Here existing Size entries explicitly are not replaced!

      This appears to be a relic from times when PDFBox parsed PDF documents front to back, ignoring cross reference streams, for improved results with linearized files when merging trailer dictionaries.

      Nowadays this exceptional treatment of Size does not make any sense anymore, see this stack overflow answer.

      Furthermore, this method is used in other contexts than creating trailer unions, even some PDFBox methods use it to create arbitrary dictionary unions:

      • org.apache.pdfbox.pdmodel.PDDocument.assignAcroFormDefaultResource(PDAcroForm, COSDictionary)
      • org.apache.pdfbox.filter.JPXFilter.decode(InputStream, OutputStream, COSDictionary, int, DecodeOptions)
      • org.apache.pdfbox.examples.interactive.form.FieldTriggers.main(String[])
      • org.apache.pdfbox.pdmodel.graphics.image.PDImageXObject.PDImageXObject(PDStream, PDResources)
      • org.apache.pdfbox.pdmodel.graphics.image.PDInlineImage.PDInlineImage(COSDictionary, byte[], PDResources)
      • org.apache.pdfbox.pdmodel.graphics.image.PDInlineImageTest.testInlineImage()
      • org.apache.pdfbox.pdfparser.XrefTrailerResolver.setStartxref(long)

      (This list is offered by eclipse as callers of that method. There may be other, hidden calls.)

      Thus, this exception should be removed after all usages of that method in PDFBox have been analyzed.




            • Assignee:
              lehmi Andreas Lehmkühler
              mkl Michael Klink
            • Votes:
              0 Vote for this issue
              4 Start watching this issue


              • Created: