[
https://issues.apache.org/jira/browse/PDFBOX-6037?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18009234#comment-18009234
]
ASF subversion and git services commented on PDFBOX-6037:
---------------------------------------------------------
Commit 1927434 from Tilman Hausherr in branch 'pdfbox/branches/3.0'
[ https://svn.apache.org/r1927434 ]
PDFBOX-6037: avoid OOM, as suggested by David Justamante and Michael Klink
> Potential OOM in XrefStreamParser
> ---------------------------------
>
> Key: PDFBOX-6037
> URL: https://issues.apache.org/jira/browse/PDFBOX-6037
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 4.0.0
> Reporter: David Justamante
> Priority: Minor
> Labels: patch
> Attachments: example.pdf, simple_patch.diff
>
>
> This issue is being _*manually*_ filed by the competition organizers. We
> recognize there are a number of AI generated submissions as of late. We have
> gone through the manual process of bug/patch validation to prevent
> unnecessary "noise", respecting maintainers' time.
>
> This submission is being sent as part of DARPA's AIxCC competition
> (https://aicyberchallenge.com/). This issue was discovered by an autonomous
> Cyber Reasoning System (CRS) and validated by competition engineers. The
> patch was manually constructed by the competition engineers.
>
> XrefStreamParser - Read length then allocate without validation or bounds
> checking. This can cause OOM if heap is < 2 GB.
>
> We understand if this is a "won't fix" from an allocation perspective, but it
> feels like the allocation should happen after some verification that the
> stream is really there and really of that length.
>
> We're attaching a triggering file and an example simple patch that trivially
> sets a hard limit on the stream length. The example file was generated by a
> competitor's system in the AIxCC competition.
>
> (AIxCC Internal: CHA-1725)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
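The hazard the report describes, "read length then allocate", and the ordering it asks for, "verify the stream is really there and really of that length" before allocating, as an added example. This is illustrative code written for this note, not PDFBox's XrefStreamParser and not the attached simple_patch.diff; the class, method names, the 64 MB hard limit and the sample bytes are all assumptions made here.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

/**
 * Bounded read of a length-prefixed stream body. Hypothetical code written
 * for this note; it is not PDFBox's parser and uses none of its API.
 */
public class BoundedStreamRead {

    /** Cap on what we will ever buffer for one stream (assumed value). */
    static final int HARD_LIMIT = 64 * 1024 * 1024;

    /**
     * Vulnerable pattern: the allocation size comes straight from the
     * declared /Length before a single stream byte has been checked.
     * A file declaring 2000000000 makes this request about 2 GB and,
     * on a heap smaller than that, the JVM throws OutOfMemoryError.
     */
    static byte[] readTrusting(InputStream in, long declaredLength) throws IOException {
        byte[] buf = new byte[(int) declaredLength];
        int off = 0;
        while (off < buf.length) {
            int n = in.read(buf, off, buf.length - off);
            if (n < 0) {
                break;
            }
            off += n;
        }
        return buf;
    }

    /**
     * Hardened pattern: reject a /Length that is negative, larger than the
     * bytes left in the file, or over the hard limit, and only then read, in
     * fixed-size chunks, so a truncated stream fails with an IOException
     * instead of a large up-front allocation that may never be filled.
     */
    static byte[] readBounded(InputStream in, long declaredLength, long bytesRemainingInFile)
            throws IOException {
        if (declaredLength < 0) {
            throw new IOException("negative /Length " + declaredLength);
        }
        if (declaredLength > bytesRemainingInFile) {
            throw new IOException("/Length " + declaredLength + " exceeds the "
                    + bytesRemainingInFile + " bytes left in the file");
        }
        if (declaredLength > HARD_LIMIT) {
            throw new IOException("/Length " + declaredLength + " exceeds hard limit " + HARD_LIMIT);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream((int) Math.min(declaredLength, 8192));
        byte[] chunk = new byte[8192];
        long left = declaredLength;
        while (left > 0) {
            int n = in.read(chunk, 0, (int) Math.min(chunk.length, left));
            if (n < 0) {
                throw new IOException("stream truncated: " + left + " bytes missing");
            }
            out.write(chunk, 0, n);
            left -= n;
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: an 11-byte stream body followed by the endstream keyword.
        byte[] file = "hello, xref\nendstream".getBytes(StandardCharsets.US_ASCII);
        long remaining = file.length;

        // 1. Honest /Length: the bounded reader returns exactly the body.
        byte[] body = readBounded(new ByteArrayInputStream(file), 11, remaining);
        System.out.println("ok: " + new String(body, StandardCharsets.US_ASCII));

        // 2. Bogus /Length of 2000000000: readTrusting would execute
        //    new byte[2000000000]; readBounded rejects it before allocating.
        try {
            readBounded(new ByteArrayInputStream(file), 2_000_000_000L, remaining);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // 3. Simulated cut-off file: the caller believes 100 bytes remain, the
        //    stream declares 50, but only 21 bytes can actually be read.
        try {
            readBounded(new ByteArrayInputStream(file), 50, 100);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The order of the checks is the point: the comparison against the bytes remaining in the file is what makes a hard limit sufficient rather than merely a ceiling, because an xref stream can never legitimately be longer than the data that follows its dictionary. Chunked reading also means the cost of a lie about /Length is bounded by the data actually present, not by the number written in the dictionary.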