Using an oversized image in a table with a row-spanning column locks up HexaPDF

[emilyst]

Hi, I think I have encountered a possible bug in HexaPDF 0.33.0. When this bug is triggered, HexaPDF fails to complete or raise any error, but instead executes endlessly, using 100% of the CPU.

I have only been able to reproduce the issue with the following conditions:

• Image is unusually long compared to its width. (See attached image of an example.)
• ImageBox containing this image is used within a data cell of a table.
• ImageBox sets width directly to a value such that the resulting scaled height is greater than the size of the available height in the page's frame. (For example, setting an image width of 200 where the image dimensions are 100 by 400.)
• ImageBox data cell is not the first row.
• The first data cell of each row uses row_span: 2.

It's also possible to use an unusually wide image to accomplish the same thing, if you're setting the height instead of the width. I'm not sure if there are other situations that might lead to this behavior. I'm not sure if the table/row-span part is significant or not, but I couldn't reproduce the issue without it.

If this turns out to be an actual misbehavior in HexaPDF, it could lead to a minor DoS issue if an application accepts user-submitted images and attempts to render a PDF including that image.

Included below are a minimal script to reproduce the issue, along with an example image that I used (cropped from a larger image).

# frozen_string_literal: true

require "hexapdf"
require "tempfile"

Tempfile.create do |tempfile|
  HexaPDF::Composer.create(tempfile) do |composer|
    composer.table(
      [
        [
          {
            content: composer.document.layout.text("text"),
            row_span: 2,
          },
          composer.document.layout.text("text"),
        ],
        [
          composer.document.layout.text("text"),
        ],
        [
          {
            content: composer.document.layout.text("text"),
            row_span: 2,
          },
          composer.document.layout.text("text"),
        ],
        [
          composer.document.layout.image("narrow.png", width: 200),
        ],
      ],
    )
  end
end

[gettalong]

Thanks for providing the bug report! I can reproduce the problem and will look into it.

[gettalong]

I have identified the problem and implemented a fix. Will need to test this more before releasing a new version.

[emilyst]

I have identified the problem and implemented a fix. Will need to test this more before releasing a new version.

Oh, how wonderful! Let me know if I can test.

[gettalong]

This is issued is fixed with version 0.39.1 that I just released.

[emilyst]

Hugely appreciated!