PDF with self-referencing object kills PDF rendering

next2world / pdfium

Automatically exported from code.google.com/p/pdfium

0 stars 0 forks source link

PDF with self-referencing object kills PDF rendering #164

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. open attached file: it contains a self referencing object
2. the tab stops working, is hanged
3. any further open PDF tabs fail to render

What is the expected output? What do you see instead?
the file should just fail to load. instead, it never stops loading and all 
other PDF viewers instance are killed

What version of the product are you using? On what operating system?
43.0.2357.81 (64-bit)

Please provide any additional information below.

Original issue reported on code.google.com by cork...@google.com on 3 Jun 2015 at 6:35

Attachments:

selfref.pdf

GoogleCodeExporter commented 9 years ago

Yeah, the path that deals with indirect object depth is unforgiving at the 
moment.

Original comment by tsepez@chromium.org on 4 Jun 2015 at 7:30

GoogleCodeExporter commented 9 years ago

So, this is a DoS on all PDF tabs, in just 50 bytes of codes
(only one self-referencing object is required).

Original comment by cork...@google.com on 5 Jun 2015 at 8:32

GoogleCodeExporter commented 9 years ago

FYI, we don't consider DoS a security issues these days, because you can't 
extract information you aren't entitled to -- it's just a nuisance.  And the 
size of the repro isn't terribly relevant -- there will always be lots of way 
to run the plugin out of memory, for example.  So I'm going to drop the 
priority on this one further.

Original comment by tsepez@chromium.org on 9 Jun 2015 at 6:06

Added labels: Priority-Low
Removed labels: Priority-Medium