David Justamante created PDFBOX-6041:
----------------------------------------

             Summary: Potential StackOverflows in BaseParser
                 Key: PDFBOX-6041
                 URL: https://issues.apache.org/jira/browse/PDFBOX-6041
             Project: PDFBox
          Issue Type: Bug
          Components: Parsing
    Affects Versions: 4.0.0
            Reporter: David Justamante
         Attachments: example.pdf, patch.diff

This issue is being manually filed by the competition organizers. We recognize 
there are a number of AI-generated submissions as of late. We have gone through 
the manual process of bug/patch validation to prevent unnecessary "noise", 
respecting maintainers' time.

This submission is being sent as part of DARPA's AIxCC competition 
(https://aicyberchallenge.com). This issue was discovered by an autonomous Cyber 
Reasoning System (CRS) and validated by competition engineers. The patch was 
automatically constructed by the autonomous CRS, but validated by the 
competition engineers.

There are three areas where the BaseParser recurses: 
{{parseCOSDictionary}}, {{parseCOSArray}} and {{parseDirObject}}. There 
are currently no checks on recursion depth. StackOverflows can be triggered by 
any recursive combination of calls that exceed {{-Xss}}.

(AIxCC Internal: CHA-1731)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
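
The missing check described in the report, as an added Java example that is not part of the original message, PDFBox's code, or the attached patch.diff: a toy parser whose mutually recursive methods share one depth counter, so deep nesting is rejected with an IOException instead of exhausting the thread stack. The class name, the MAX_DEPTH value and the toy grammar are assumptions made for illustration.

```java
import java.io.IOException;

// Added illustration: a toy recursive-descent parser for nested PDF-style
// arrays ([ ... ]) and dictionaries (<< ... >>). All names are hypothetical;
// this is not PDFBox's BaseParser and not the attached patch.diff.
public class DepthLimitedParser {
    // Assumed limit for the example; a real value must fit the smallest -Xss in use.
    static final int MAX_DEPTH = 500;

    private final String src;
    private int pos = 0;
    private int depth = 0; // one counter shared by every recursive entry point

    DepthLimitedParser(String src) { this.src = src; }

    // Dispatcher for a single object: recurses into containers, skips scalars.
    void parseObject() throws IOException {
        if (src.startsWith("<<", pos)) { pos += 2; parseContainer(">>"); }
        else if (src.startsWith("[", pos)) { pos += 1; parseContainer("]"); }
        else { pos++; } // any other character stands in for a scalar token
    }

    // Arrays and dictionaries share the guard, so mixed nesting is counted too.
    private void parseContainer(String close) throws IOException {
        if (++depth > MAX_DEPTH) {
            throw new IOException("nesting deeper than " + MAX_DEPTH + " at offset " + pos);
        }
        try {
            while (pos < src.length() && !src.startsWith(close, pos)) {
                parseObject();
            }
            if (pos >= src.length()) throw new IOException("unterminated container");
            pos += close.length();
        } finally {
            depth--; // restore on every exit path, including exceptions
        }
    }

    public static void main(String[] args) throws IOException {
        new DepthLimitedParser("[<<[x]>>[x]]").parseObject(); // shallow input parses
        // Constructed input: alternating array/dictionary openers, never closed.
        String deep = "[<<".repeat(10_000);
        try {
            new DepthLimitedParser(deep).parseObject();
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because the counter is an instance field rather than a per-method parameter, any combination of array and dictionary nesting counts against the same limit, which matches the report's point that the overflow can come from any mix of the recursive calls.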
