(ofbiz-framework) branch trunk updated: Fixed: Endless loop in SecuredUpload::inflate (OFBIZ-13341)

Fri, 16 Jan 2026 00:02:35 -0800 

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new eac34b7c5c Fixed: Endless loop in SecuredUpload::inflate (OFBIZ-13341)
eac34b7c5c is described below

commit eac34b7c5ca3ad0979f6fbbb9708bbf58b5e8671
Author: Jacques Le Roux <[email protected]>
AuthorDate: Fri Jan 16 08:57:23 2026 +0100

    Fixed: Endless loop in SecuredUpload::inflate (OFBIZ-13341)
    
    This was reported by Carsten Heinrigs <[email protected]> who has not yet a 
Jira
    account:
    <<After submitting an image file (PNG) (see attachment), no response came.
    Also found no log message. So I looked for the code, where it hang.
    Found it in SecuredUpload::inflate>>
    
    It's related to OFBIZ-13292. Carsten proposed a solution that I have 
simplified.
    
    Thanks: Carsten Heinrigs
---
 .../src/main/java/org/apache/ofbiz/security/SecuredUpload.java       | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
index f7695de339..c0c5759d8a 100644
--- 
a/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
+++ 
b/framework/security/src/main/java/org/apache/ofbiz/security/SecuredUpload.java
@@ -84,8 +84,8 @@ import org.apache.ofbiz.base.util.UtilValidate;
 import org.apache.ofbiz.base.util.UtilXml;
 import org.apache.ofbiz.entity.Delegator;
 import org.apache.ofbiz.entity.util.EntityUtilProperties;
-import org.apache.pdfbox.io.RandomAccessReadBufferedFile;
 import org.apache.pdfbox.Loader;
+import org.apache.pdfbox.io.RandomAccessReadBufferedFile;
 import org.apache.pdfbox.pdmodel.PDDocument;
 //import org.apache.pdfbox.pdmodel.PDDocument;
 import org.apache.pdfbox.pdmodel.PDDocumentNameDictionary;
@@ -593,6 +593,9 @@ public class SecuredUpload {
                     } else if (inflater.needsDictionary()) { // Dictionary to 
be loaded
                         inflater.setDictionary(result);
                         inflater.getAdler();
+                    } else { // nothing to inflate, avoid endless loop
+                        inflater.end();
+                        return true;
                     }
                 }
             }

Reply via email to