search

wwxxyx / pdfium

Automatically exported from code.google.com/p/pdfium
0 stars 0 forks source link

PDFium accepts direct stream objects #165

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. open attached file
2. it displays a page with "direct content stream!!"

What is the expected output? What do you see instead?
the file contains a direct stream, which is against the specs, so it shouldn't 
load ("All streams must be indirect object").

What version of the product are you using? On what operating system?
Version 43.0.2357.81 (64-bit)

Please provide any additional information below.

Original issue reported on code.google.com by cork...@google.com on 3 Jun 2015 at 6:56

Attachments:

GoogleCodeExporter commented 9 years ago 
I meant, "PDFium wrongly accepts direct stream objects"

Original comment by cork...@google.com on 3 Jun 2015 at 7:26

GoogleCodeExporter commented 9 years ago 
What's the harm in doing this other than non-conformance with the spec?
Can we prove that there aren't any tools in the world that generate such files? 

If there are, we'd break some otherwise displayable documents, no?

Original comment by tsepez@chromium.org on 4 Jun 2015 at 7:29

GoogleCodeExporter commented 9 years ago 
AFAIK only PDF-ium accepts this (it's very far from the official specs),
which I've never seen in the wild, malware or clean files.

If it's so broken, I see it as a security filter bypass.

Original comment by cork...@google.com on 5 Jun 2015 at 8:36

GoogleCodeExporter commented 9 years ago 
Ah.  Do you know of any filters that are both 
1) effective and
2) impacted by this?

Original comment by tsepez@chromium.org on 9 Jun 2015 at 6:08