[jira] [Commented] (FOP-3193) Font auto-detection crashes on systems with internally recursive font directories

Mon, 30 Dec 2024 09:23:04 -0800 


    [ 
https://issues.apache.org/jira/browse/FOP-3193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17908919#comment-17908919
 ] 

Joao Goncalves commented on FOP-3193:
-------------------------------------

[~muellerj2] Would you be able to provide some steps to be able to replicate 
this? I've tried a few different things, and I have a possible fix ready, but I 
need to be able to test it first. My fix doesn't need the depth limit. Any idea 
how to create a directory that contained itself?

> Font auto-detection crashes on systems with internally recursive font 
> directories
> ---------------------------------------------------------------------------------
>
>                 Key: FOP-3193
>                 URL: https://issues.apache.org/jira/browse/FOP-3193
>             Project: FOP
>          Issue Type: Bug
>    Affects Versions: 2.9
>            Reporter: Julian Müller
>            Assignee: Joao Goncalves
>            Priority: Major
>
> A user reported to us that our application crashes when exporting to PDF. We 
> traced it down to the fact that FOP's FontFileFinder was infinitely recursing 
> over font directories on that user's system, i.e., a font directory on this 
> user's system contained itself.
> This potential infinite recursion is currently hardcoded in 
> FontDetectorFactory.DefaultFontFactory.detect():
> {code:java}
> // search in font base if it is defined and
> // is a directory but don't recurse
> FontFileFinder fontFileFinder = new FontFileFinder(eventListener);
> [...]
> List<URL> systemFontList;
> systemFontList = fontFileFinder.find();
> {code}
> Note that the leading comment at the top is not true: The font file finder 
> potentially recurses to an arbitrary depth when this constructor is called.
> I think FOP should set a reasonable limit on the recursion depth when 
> auto-detecting fonts to avoid crashing on systems with recursive directory 
> structures, or it might even be preferable to make the maximum recursion 
> depth in the font auto-detect feature configurable for users of FOP. As 
> things stand, it is hard to defend against this issue because FOP makes it 
> difficult to avoid the infinite recursion when the font auto-detection 
> feature is enabled (e.g., PDFTranscoder hardcodes the usage of 
> PDFDocumentGraphics2DConfigurator, which hardcodes the usage of the default 
> font detector, which hardcodes the infinite recursion).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to