Great - checked SVN against my source - all the changes look good.

Best Regards
Mark

Mark Rogers - mark.rog...@powermapper.com
PowerMapper Software Ltd - www.powermapper.com 
Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL 


-----Original Message-----
From: Dominik Seichter [mailto:domseich...@googlemail.com] 
Sent: 15 July 2012 15:30
To: Mark Rogers
Cc: podofo-users@lists.sourceforge.net
Subject: Re: [Podofo-users] Patch for stack overflow

Hi Mark,

Thanks. So I think I got this right now. I've committed both of your changes. 
Maybe you want to check if everything is correct.

Regards,
 Dom

On Sun, Jul 15, 2012 at 1:16 PM, Mark Rogers <mark.rog...@powermapper.com> 
wrote:
> Hi Dom
>
> Looks like line numbers for this one were out due to the previous patch:
>
> The lines of code starting
>  const int maxReadNextTrailerLevel = 500 go just after the opening 
> brace of PdfParser::ReadNextTrailer()
>
> and the following line
>  --m_nReadNextTrailerLevel;
> goes just before the closing brace of PdfParser::ReadNextTrailer()
>
> Worth noting that no attempt is made to decrement m_nReadNextTrailerLevel 
> when exceptions are thrown - I've assumed exceptions are all fatal and cause 
> the parser to abort. If this is a faulty assumption let me know and I can 
> look at this in more detail.
>
> I'm happy to check the patched files against my version if you email 
> me them, or let me know when they're committed to SVN
>
> Best Regards
> Mark
>
> -----Original Message-----
> From: Dominik Seichter [mailto:domseich...@googlemail.com]
> Sent: 15 July 2012 08:36
> To: Mark Rogers
> Cc: podofo-users@lists.sourceforge.net
> Subject: Re: [Podofo-users] Patch for stack overflow
>
> Hi Mark,
>
> I finally found some time to look at some PoDoFo patches. Thanks for the 
> patch. This sounds very useful!
> I have a little trouble applying this, though.
>
> Where is this part supposed to go? At the end of which method? Line
> 540 in my version of the file does not make much sense ... I think it should be 
> at the end of ReadNextTrailer(), right?
>
>> .540 added
>> +       --m_nReadNextTrailerLevel;
>> }
>>
>
> Regards,
>  Dom
>
> On Wed, Jun 27, 2012 at 4:52 PM, Mark Rogers <mark.rog...@powermapper.com> 
> wrote:
>> Found some more PDF documents in the wild which cause problems - recursive stack 
>> overflow in this case due to circular cross references in the trailer. Worth 
>> saying that the library is generally very stable - but I'm pumping lots of 
>> PDFs from different sources through it so seeing some unusual edge cases.
>>
>> Here's a patch that limits the recursion depth when reading the trailer
>>
>> PdfParser.h
>> .577 added
>> +    int           m_nReadNextTrailerLevel;
>>
>> PdfParser.cpp
>> void PdfParser::Init()
>> {
>> .127 added
>> +       m_nReadNextTrailerLevel = 0;
>> }
>>
>> PdfParser::ReadNextTrailer()
>> {
>> .493 added
>> +       // be careful changing this limit - overflow limits depend on the 
>> OS, linker settings, and how much stack space compiler allocates
>> +       // 500 limit prevents overflow on Win7 with VC++ 2005 with default 
>> linker stack size (1000 caused overflow with same compiler/OS)
>> +       const int maxReadNextTrailerLevel = 500;
>> +
>> +       ++m_nReadNextTrailerLevel;
>> +
>> +       if ( m_nReadNextTrailerLevel > maxReadNextTrailerLevel )
>> +       {
>> +               // avoid stack overflow on documents that have circular 
>> cross references in trailer
>> +        PODOFO_RAISE_ERROR( ePdfError_InvalidXRef );
>> +       }
>>
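Review bot: the fixed limit of 500 in `maxReadNextTrailerLevel` is tuned to one compiler, OS and linker stack size, as the comment itself says (1000 overflowed on the same setup), so a build with a smaller stack or larger stack frames can still overflow before `m_nReadNextTrailerLevel > maxReadNextTrailerLevel` fires. Consider detecting the circular cross reference directly, for example by recording the trailer offsets already visited and raising `ePdfError_InvalidXRef` on a repeat, and keeping a much lower depth limit only as a backstop for long non-circular chains.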
>> .540 added
>> +       --m_nReadNextTrailerLevel;
>> }
>>
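Review bot: the `--m_nReadNextTrailerLevel;` placed just before the closing brace only runs on a normal return, so the `PODOFO_RAISE_ERROR` added at the top of the function, and anything else that throws in between, leaves the counter raised. If a caller catches the error and keeps using the parser without going through `Init()` again, later calls start from a non-zero level. A small scope guard that increments in its constructor and decrements in its destructor would keep the pair balanced on every exit path.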
>> Best Regards
>> Mark
>>
>> Mark Rogers - mark.rog...@powermapper.com
>> PowerMapper Software Ltd - www.powermapper.com
>> Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and 
>> threat landscape has changed and how IT managers can respond.
>> Discussions will include endpoint security, mobile security and the 
>> latest in malware threats.
>> http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Podofo-users mailing list
>> Podofo-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/podofo-users
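
The point raised in the thread about the counter not being decremented when an exception is thrown, as an added example that is not PoDoFo code or part of the patch: a scope guard restores the depth counter on every exit path, and a set of visited offsets catches a circular chain directly. `TrailerChain`, `TrailerWalker`, `DepthGuard` and `LevelAfterWalk` are hypothetical names, and the offset map is a constructed stand-in for a parsed file.

```cpp
#include <cstddef>
#include <map>
#include <set>
#include <stdexcept>

// Hypothetical model, not PoDoFo's: trailer offset -> previous trailer offset (0 = end).
typedef std::map<long, long> TrailerChain;

class TrailerWalker {
public:
    explicit TrailerWalker(const TrailerChain& chain, int maxDepth = 500)
        : m_chain(chain), m_maxDepth(maxDepth), m_level(0) {}

    // Follows the chain from `offset`; returns trailers read, throws on a bad chain.
    std::size_t Walk(long offset) { m_seen.clear(); ReadNextTrailer(offset); return m_seen.size(); }
    int Level() const { return m_level; }

private:
    // Scope guard: the counter is restored on every exit path, including throws.
    struct DepthGuard {
        int& level;
        explicit DepthGuard(int& l) : level(l) { ++level; }
        ~DepthGuard() { --level; }
    };

    void ReadNextTrailer(long offset) {
        DepthGuard guard(m_level);
        if (m_level > m_maxDepth)                 // backstop for long acyclic chains
            throw std::runtime_error("trailer chain too deep");
        if (!m_seen.insert(offset).second)        // offset already visited: a cycle
            throw std::runtime_error("circular trailer reference");
        TrailerChain::const_iterator it = m_chain.find(offset);
        if (it == m_chain.end())
            throw std::runtime_error("dangling trailer offset");
        if (it->second != 0)
            ReadNextTrailer(it->second);
    }

    TrailerChain m_chain;
    int m_maxDepth, m_level;
    std::set<long> m_seen;
};

// Walks a chain and reports the counter afterwards; 0 means the guard unwound fully.
int LevelAfterWalk(const TrailerChain& chain, long start, int maxDepth) {
    TrailerWalker w(chain, maxDepth);
    try { w.Walk(start); } catch (const std::runtime_error&) {}
    return w.Level();
}
```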
