On Sat, 2018-01-06 at 15:44 -0500, Probe Fuzzer wrote:
> We found that on 0.9.5 (the latest version) of PoDoFo, there is a
> memory malloc failure in the PdfParser::ReadXRefSubsection function
> (src/base/PdfParser.cpp), which can cause denial of service via a
> crafted pdf file.
>
> ==112205==AddressSanitizer's allocator is terminating the process
> instead of returning 0
> ==112205==If you don't like this behavior set
> allocator_may_return_null=1
Hi,

I'm not sure it's a problem at all; it's just the behavior of the
AddressSanitizer, as is written above. Valgrind behaves similarly.

Running your test with the current svn trunk, at revision 1865, results in:

WARNING: There are more objects (9560000000000) in this XRef table than specified in the size key of the trailer directory (95)!
Error: An error 6 ocurred during processing the pdf file.
PoDoFo encountered an error. Error: 6 ePdfError_OutOfMemory
Error Description: PoDoFo is out of memory.
Callstack:
	#0 Error Source: .../trunk/src/base/PdfParser.cpp:232
		Information: Unable to load objects from file.
	#1 Error Source: .../trunk/src/base/PdfParser.cpp:338
		Information: Unable to load xref entries.
	#2 Error Source: .../trunk/src/base/PdfParser.cpp:731
	#3 Error Source: .../trunk/src/base/PdfParser.cpp:795

Thus PoDoFo properly handles the failed memory allocation.

Bye,
zyx

_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
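The two behaviours the thread contrasts (a subsection count that the trailer's /Size cannot cover, and an allocation that the allocator refuses) in one small standalone reader. This is an added example written for this page, not PoDoFo's code: the `XrefEntry` layout, the `XrefStatus` codes, the function names and the "first count" header string are all hypothetical, and the sample inputs are constructed from the numbers in zyx's warning (a count of 9560000000000 against a /Size of 95), not taken from the reporter's file.

```cpp
#include <cstdint>
#include <cstdio>
#include <new>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed sample input (hypothetical, not the reporter's file): the
// subsection header carries the count from zyx's warning, the trailer its /Size.
static const char* const kHugeSubsectionHeader = "0 9560000000000";
static const char* const kSaneSubsectionHeader = "0 3";
static const uint64_t kTrailerSize = 95;

struct XrefEntry {
    uint64_t offset = 0;
    uint16_t generation = 0;
    bool inUse = false;
};

enum class XrefStatus { Ok, Malformed, CountExceedsSize, OutOfMemory };

struct XrefResult {
    XrefStatus status = XrefStatus::Ok;
    std::vector<XrefEntry> entries;   // one slot per object in the subsection
};

// Parse "first count" from a subsection header line. Only unsigned decimal
// digits are accepted, so "-1", "+5", hex and trailing junk are Malformed, and
// a digit string that does not fit in 64 bits is Malformed as well.
static bool parseSubsectionHeader(const std::string& line, uint64_t& first, uint64_t& count) {
    std::istringstream in(line);
    std::string a, b, extra;
    if (!(in >> a >> b) || (in >> extra)) return false;
    for (const std::string* s : {&a, &b}) {
        if (s->empty() || s->find_first_not_of("0123456789") != std::string::npos) return false;
    }
    try {
        first = std::stoull(a);
        count = std::stoull(b);
    } catch (const std::out_of_range&) {
        return false;
    }
    return true;
}

// Unchecked path: let the allocator decide, and turn a failure into a status
// code instead of an escaping exception. This is the kind of handling behind
// the ePdfError_OutOfMemory trace in the thread, and it only works when the
// allocator reports failure at all: ASan's default (allocator_may_return_null=0)
// aborts first, and with kernel overcommit the process may be killed later.
static XrefResult allocateEntries(uint64_t count) {
    XrefResult r;
    try {
        r.entries.resize(static_cast<size_t>(count));
    } catch (const std::bad_alloc&) {
        r.status = XrefStatus::OutOfMemory;
    } catch (const std::length_error&) {   // count > vector::max_size()
        r.status = XrefStatus::OutOfMemory;
    }
    return r;
}

// Checked path: a subsection may not describe more objects than the trailer's
// /Size admits, so the bound is known before the allocator is touched. The
// comparison is arranged so first + count cannot overflow.
static XrefResult readXrefSubsection(const std::string& header, uint64_t trailerSize) {
    uint64_t first = 0, count = 0;
    if (!parseSubsectionHeader(header, first, count)) {
        XrefResult r;
        r.status = XrefStatus::Malformed;
        return r;
    }
    if (count > trailerSize || first > trailerSize - count) {
        XrefResult r;
        r.status = XrefStatus::CountExceedsSize;
        return r;
    }
    return allocateEntries(count);
}

int main() {
    const char* names[] = {"Ok", "Malformed", "CountExceedsSize", "OutOfMemory"};
    for (const char* h : {kHugeSubsectionHeader, kSaneSubsectionHeader}) {
        XrefResult r = readXrefSubsection(h, kTrailerSize);
        std::printf("header \"%s\" with /Size %llu -> %s (%zu entries)\n", h,
                    static_cast<unsigned long long>(kTrailerSize),
                    names[static_cast<int>(r.status)], r.entries.size());
    }
    return 0;
}
```

The point of the split is that `readXrefSubsection` never reaches the allocator for the 9560000000000 case, so its outcome does not depend on how the allocator, the sanitizer or the kernel react to a 150 TB request; `allocateEntries` alone is the fallback for counts that pass the /Size check but still exceed what the machine has.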