Julian Müller created FOP-3193:
----------------------------------
Summary: Font auto-detection crashes on systems with internally
recursive font directories
Key: FOP-3193
URL: https://issues.apache.org/jira/browse/FOP-3193
Project: FOP
Issue Type: Bug
Affects Versions: 2.9
Reporter: Julian Müller
A user reported to us that our application crashes when exporting to PDF. We
traced it down to the fact that FOP's FontFileFinder was infinitely recursing
over font directories on that user's system, i.e., a font directory on this
user's system contained itself.
This potential infinite recursion is currently hardcoded in
FontDetectorFactory.DefaultFontFactory.detect():
{code:java}
// search in font base if it is defined and
// is a directory but don't recurse
FontFileFinder fontFileFinder = new FontFileFinder(eventListener);
[...]
List<URL> systemFontList;
systemFontList = fontFileFinder.find();
{code}
Note that the leading comment at the top is not true: The font file finder
potentially recurses to an arbitrary depth when this constructor is called.
I think FOP should set a reasonable limit on the recursion depth when
auto-detecting fonts to avoid crashing on systems with recursive directory
structures, or it might even be preferable to make the maximum recursion depth
in the font auto-detect feature configurable for users of FOP. As things stand,
it is hard to defend against this issue because FOP makes it difficult to avoid
the infinite recursion when the font auto-detection feature is enabled (e.g.,
PDFTranscoder hardcodes the usage of PDFDocumentGraphics2DConfigurator, which
hardcodes the usage of the default font detector, which hardcodes the infinite
recursion).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
