All,
I have what might be a bug in the 3.0.x series of PDFBox. It appears that
certain input can cause RandomAccessReadBuffer's constructor to enter an
infinite loop. I have attached a file that produces the behavior. When I
examined the contents, the first thing that stood out is that it has no EOF
indicator, but I've seen other broken files where that's the case, and they
terminate properly. I've found a few files like this, and it seems like
they're all exactly multiples of DEFAULT_CHUNK_SIZE_4KB in length.
If you use RandomAccessReadMemoryMappedFile, you don't see the same
behavior. Instead, it reads the file and throws a "Missing root object
specification in trailer" error in PDFParser. The sample code to reproduce
looks more or less like this:
try(final InputStream is = Files.newInputStream(Paths.get("<path to
attached>"))) {
final PDDocument d = Loader.loadPDF(is);
}
Is this a bug? If so, what is the process for reporting it?
Given the infinite loop aspect of this, could it represent a security issue
due to denial of service?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@pdfbox.apache.org
For additional commands, e-mail: users-h...@pdfbox.apache.org
