[
https://issues.apache.org/jira/browse/FOP-3193?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17909087#comment-17909087
]
Julian Müller edited comment on FOP-3193 at 12/31/24 6:38 PM:
--------------------------------------------------------------
[~jgoncalves] {{File.isDirectory()}} seems to use the POSIX function {{stat()}}
on Unix systems internally and {{stat()}} returns the properties of the target
of a symlink when a symlink is queried. So I think you can test this on a Unix
system by creating a symlink in a directory that points to the same directory,
because {{File.isDirectory()}} will return true on this symlink and thus the
{{DirectoryWalker}} will keep recursing until it runs out of stack.
was (Author: JIRAUSER294255):
[~jgoncalves] {{File.isDirectory()}} seems to use the POSIX function {{stat()}}
on Unix systems internally and {{stat()}} returns the properties of the target
of a symlink when a symlink is queried. So I think you can test this on a Unix
system by creating a symlink in a directory that points to the same directory,
because {{File.isDirectory()}} will return true and thus the
{{DirectoryWalker}} will keep recursing until it runs out of stack.
> Font auto-detection crashes on systems with internally recursive font
> directories
> ---------------------------------------------------------------------------------
>
> Key: FOP-3193
> URL: https://issues.apache.org/jira/browse/FOP-3193
> Project: FOP
> Issue Type: Bug
> Affects Versions: 2.9
> Reporter: Julian Müller
> Assignee: Joao Goncalves
> Priority: Major
>
> A user reported to us that our application crashes when exporting to PDF. We
> traced it down to the fact that FOP's FontFileFinder was infinitely recursing
> over font directories on that user's system, i.e., a font directory on this
> user's system contained itself.
> This potential infinite recursion is currently hardcoded in
> FontDetectorFactory.DefaultFontFactory.detect():
> {code:java}
> // search in font base if it is defined and
> // is a directory but don't recurse
> FontFileFinder fontFileFinder = new FontFileFinder(eventListener);
> [...]
> List<URL> systemFontList;
> systemFontList = fontFileFinder.find();
> {code}
> Note that the leading comment at the top is not true: The font file finder
> potentially recurses to an arbitrary depth when this constructor is called.
> I think FOP should set a reasonable limit on the recursion depth when
> auto-detecting fonts to avoid crashing on systems with recursive directory
> structures, or it might even be preferable to make the maximum recursion
> depth in the font auto-detect feature configurable for users of FOP. As
> things stand, it is hard to defend against this issue because FOP makes it
> difficult to avoid the infinite recursion when the font auto-detection
> feature is enabled (e.g., PDFTranscoder hardcodes the usage of
> PDFDocumentGraphics2DConfigurator, which hardcodes the usage of the default
> font detector, which hardcodes the infinite recursion).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
