[
https://issues.apache.org/jira/browse/PDFBOX-6041?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18024772#comment-18024772
]
ASF subversion and git services commented on PDFBOX-6041:
---------------------------------------------------------
Commit 1928954 from [email protected] in branch 'pdfbox/branches/3.0'
[ https://svn.apache.org/r1928954 ]
PDFBOX-6041: limit recursion depth to avoid a stack overflow exception as
proposed by David Justamante
> Potential StackOverflows in BaseParser
> --------------------------------------
>
> Key: PDFBOX-6041
> URL: https://issues.apache.org/jira/browse/PDFBOX-6041
> Project: PDFBox
> Issue Type: Bug
> Components: Parsing
> Affects Versions: 3.0.5 PDFBox, 4.0.0
> Reporter: David Justamante
> Assignee: Andreas Lehmkühler
> Priority: Minor
> Labels: patch
> Fix For: 4.0.0
>
> Attachments: example.pdf, patch.diff
>
>
> This issue is being manually filed by the competition organizers. We
> recognize there is a number of AI generated submissions as of late. We have
> gone through the manual process of bug/patch validation to prevent
> unnecessary "noise", respecting maintainers' time.
> This submission is being sent as part of DARPA's AIxCC competition.
> (https://aicyberchallenge.com) This issue was discovered by an autonomous
> Cyber Reasoning System (CRS) and validated by competition engineers. The
> patch was automatically constructed by the autonomous CRS, but validated by
> the competition engineers.
> There are three areas where the BaseParser recurses:
> {{{}parseCOSDictionary{}}}, {{parseCOSArray}} and {{{}parseDirObject{}}}.
> There are currently no checks on recursion depth. StackOverflows can be
> triggered by any recursive combination of calls that exceed {{{}-Xss{}}}.
> (AIxCC Internal: CHA-1731)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
