Hi Dom

Looks like line numbers for this one were out due to the previous patch:

The lines of code starting const int maxReadNextTrailerLevel = 500 go just after the opening brace of PdfParser::ReadNextTrailer() and the following line --m_nReadNextTrailerLevel; goes just before the closing brace of PdfParser::ReadNextTrailer()

Worth noting that no attempt is made to decrement m_nReadNextTrailerLevel when exceptions are thrown - I've assumed exceptions are all fatal and cause the parser to abort. If this is a faulty assumption let me know and I can look at this in more detail.

I'm happy to check the patched files against my version if you email me them, or let me know when they're committed to SVN

Best Regards
Mark

-----Original Message-----
From: Dominik Seichter [mailto:domseich...@googlemail.com]
Sent: 15 July 2012 08:36
To: Mark Rogers
Cc: podofo-users@lists.sourceforge.net
Subject: Re: [Podofo-users] Patch for stack overflow

Hi Mark,

I finally found some time to look at some PoDoFo patches. Thanks for the patch. This sounds very useful!

I have a little trouble applying this, though. Where is this part supposed to go? At the end of which method. Line 540 in my version of the file does not make much sense .... I think it should be at the end of ReadNextTrailer(), right?

> .540 added > + --m_nReadNextTrailerLevel; > } >

Regards,
Dom

On Wed, Jun 27, 2012 at 4:52 PM, Mark Rogers <mark.rog...@powermapper.com> wrote:
> Found some more PDF documents in the wild which cause problems - recursive stack overflow in this case due to circular cross references in the trailer. Worth saying that the library is generally very stable - but I'm pumping lots of PDFs from different sources through it so seeing some unusual edge cases.
> > Here's a patch that limits the recursion depth when reading the > trailer > > PdfParser.h > .577 added > + int m_nReadNextTrailerLevel; > > PdfParser.cpp > void PdfParser::Init() > { > .127 added > + m_nReadNextTrailerLevel = 0; > } > > PdfParser::ReadNextTrailer() > { > .493 added > + // be careful changing this limit - overflow limits depend on the OS, > linker settings, and how much stack space compiler allocates > + // 500 limit prevents overflow on Win7 with VC++ 2005 with default > linker stack size (1000 caused overflow with same compiler/OS) > + const int maxReadNextTrailerLevel = 500; > + > + ++m_nReadNextTrailerLevel; > + > + if ( m_nReadNextTrailerLevel > maxReadNextTrailerLevel ) > + { > + // avoid stack overflow on documents that have circular cross > references in trailer > + PODOFO_RAISE_ERROR( ePdfError_InvalidXRef ); > + } > > .540 added > + --m_nReadNextTrailerLevel; > } > > Best Regards > Mark > > Mark Rogers - mark.rog...@powermapper.com PowerMapper Software Ltd - > www.powermapper.com Registered in Scotland No 362274 Quartermile 2 > Edinburgh EH3 9GL > > > ---------------------------------------------------------------------- > -------- > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. > Discussions will include endpoint security, mobile security and the > latest in malware threats. > http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > Podofo-users mailing list > Podofo-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/podofo-users
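
Review bot: the limit in the .493 hunk of PdfParser::ReadNextTrailer() is tuned to one toolchain, and its own comment says 1000 already overflowed on the same compiler and OS, so the margin at 500 is under 2x and a build with a smaller default stack or larger frames can still overflow before the check fires. Consider a noticeably lower value, or a named class-level constant that a build can override instead of a function-local const. Since the comment names circular cross references as the trigger, recording the trailer offsets already visited and raising ePdfError_InvalidXRef on a repeat would catch the cycle directly and would not depend on stack size at all.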
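
Review bot: the decrement in the .540 hunk runs only on the normal path through the closing brace of ReadNextTrailer(), so PODOFO_RAISE_ERROR in the .493 hunk, or any other path that leaves the function before this line, skips it and m_nReadNextTrailerLevel stays raised. The only other reset visible in the patch is the assignment in Init(), so a caller that catches the error and keeps using the same PdfParser would start the next trailer read with a stale depth and could hit ePdfError_InvalidXRef on a valid file. A small scope guard that increments in its constructor and decrements in its destructor, declared at the top of ReadNextTrailer(), would replace both the ++ and the -- lines and keep the counter balanced during unwinding.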
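
The exception-safety question raised in the reply at the top of this thread, as an added example that is not part of the thread or of PoDoFo's code: a depth counter kept balanced by a scope guard, so a circular trailer chain raises an error and the same object remains usable. TrailerWalker, DepthGuard, kMaxLevel and the offset map are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <map>
#include <stdexcept>

// Hypothetical stand-in for a parser that follows trailer /Prev offsets.
// Not PoDoFo code; names and the offset map are constructed for illustration.
class TrailerWalker {
public:
    explicit TrailerWalker(std::map<long, long> prev) : m_prev(prev), m_level(0) {}

    // Follows the chain starting at offset; returns the number of trailers read.
    // Throws std::runtime_error when the chain nests deeper than kMaxLevel.
    int ReadNextTrailer(long offset) {
        DepthGuard guard(m_level);           // ++ now, -- on every exit path
        if (m_level > kMaxLevel)
            throw std::runtime_error("trailer chain too deep (circular xref?)");
        std::map<long, long>::const_iterator it = m_prev.find(offset);
        if (it == m_prev.end())
            return 1;                        // no /Prev entry: end of chain
        return 1 + ReadNextTrailer(it->second);
    }

    int Level() const { return m_level; }

private:
    // Scope guard: the destructor also runs during stack unwinding, so the
    // counter is restored even when an exception leaves ReadNextTrailer().
    struct DepthGuard {
        explicit DepthGuard(int& level) : m_ref(level) { ++m_ref; }
        ~DepthGuard() { --m_ref; }
        int& m_ref;
    };
    static const int kMaxLevel = 500;        // same limit as the patch
    std::map<long, long> m_prev;             // offset -> /Prev offset (constructed)
    int m_level;
};

// Constructed input: 100 -> 200 -> 100 is circular, 300 -> 400 terminates.
inline bool CounterRestoredAfterCycle() {
    std::map<long, long> prev;
    prev[100] = 200; prev[200] = 100; prev[300] = 400;
    TrailerWalker w(prev);
    bool threw = false;
    try { w.ReadNextTrailer(100); } catch (const std::runtime_error&) { threw = true; }
    // The same object stays usable: depth is back at 0 and a sane chain parses.
    return threw && w.Level() == 0 && w.ReadNextTrailer(300) == 2;
}
```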