[ https://issues.apache.org/jira/browse/PDFBOX-6043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18009222#comment-18009222 ]

ASF subversion and git services commented on PDFBOX-6043:
---------------------------------------------------------

Commit 1927430 from Tilman Hausherr in branch 'pdfbox/trunk'
[ https://svn.apache.org/r1927430 ]

PDFBOX-6043: prevent OOM

> Potential OOM in Type1Lexer
> ---------------------------
>
>                 Key: PDFBOX-6043
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-6043
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Parsing
>    Affects Versions: 2.0.34, 3.0.5 PDFBox, 4.0.0
>            Reporter: David Justamante
>            Priority: Minor
>              Labels: patch
>             Fix For: 2.0.35, 3.0.6 PDFBox, 4.0.0
>
>         Attachments: example.pdf, simple-patch.diff
>
>
> This issue is being *manually* filed by the competition organizers. We 
> recognize there are a number of AI-generated submissions as of late. We have 
> gone through the manual process of bug/patch validation to prevent 
> unnecessary "noise", respecting maintainers' time. 
> This submission is being sent as part of DARPA's AIxCC competition. 
> (https://aicyberchallenge.com) This issue was discovered and validated by 
> competition engineers during challenge development. The patch was manually 
> constructed by the competition engineers.
> Read length then allocate without validation or bounds checking; this can 
> cause an OOM when heap is < 2gb.
> We're attaching a patch with a simple check with a hard limit.
> (AIxCC Internal: CHA-1726)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
