Hi Mark,
I finally found some time to look at some PoDoFo patches. Thanks for
the patch. This sounds very useful!
I have a little trouble to apply this, though.
Where is this part supposed to go? At the end of which method. Line
540 in my version of file does not make much sense .... I think it
should be at the end of ReadNextTrailer(), right?
> .540 added
> + --m_nReadNextTrailerLevel;
> }
>
Regards,
Dom
On Wed, Jun 27, 2012 at 4:52 PM, Mark Rogers
<mark.rog...@powermapper.com> wrote:
> Found some more PDF documents in wild which cause problems - recursive stack
> overflow in this case due to circular cross references in the trailer. Worth
> saying that the library is generally very stable - but I'm pumping lots of
> PDFs from different sources through it so seeing some unusual edge cases.
>
> Here's a patch that limits the recursion depth when reading the trailer
>
> PdfParser.h
> .577 added
> + int m_nReadNextTrailerLevel;
>
> PdfParser.cpp
> void PdfParser::Init()
> {
> .127 added
> + m_nReadNextTrailerLevel = 0;
> }
>
> PdfParser::ReadNextTrailer()
> {
> .493 added
> + // be careful changing this limit - overflow limits depend on the OS,
> linker settings, and how much stack space compiler allocates
> + // 500 limit prevents overflow on Win7 with VC++ 2005 with default
> linker stack size (1000 caused overflow with same compiler/OS)
> + const int maxReadNextTrailerLevel = 500;
> +
> + ++m_nReadNextTrailerLevel;
> +
> + if ( m_nReadNextTrailerLevel > maxReadNextTrailerLevel )
> + {
> + // avoid stack overflow on documents that have circular cross
> references in trailer
> + PODOFO_RAISE_ERROR( ePdfError_InvalidXRef );
> + }
>
> .540 added
> + --m_nReadNextTrailerLevel;
> }
>
> Best Regards
> Mark
>
> Mark Rogers - mark.rog...@powermapper.com
> PowerMapper Software Ltd - www.powermapper.com
> Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Podofo-users mailing list
> Podofo-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/podofo-users
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
