Skip to content
Permalink
Browse files

PDF: fix excessive memory consumption on corrupted files

  • Loading branch information
rouault committed Jan 12, 2020
1 parent 6e9e51e commit 68a3c6855387daecff1eab460485cf9ff517a5a5
Showing with 19 additions and 5 deletions.
  1. +1 −1 gdal/frmts/pdf/gdal_pdf.h
  2. +18 −4 gdal/frmts/pdf/pdfdataset.cpp
@@ -266,7 +266,7 @@ class PDFDataset final: public GDALPamDataset
#endif

#if defined(HAVE_POPPLER)
void ExploreLayersPoppler(GDALPDFArray* poArray, int nRecLevel, CPLString osTopLayer = "");
void ExploreLayersPoppler(GDALPDFArray* poArray, CPLString osTopLayer, int nRecLevel, int& nVisited, bool& bStop);
void FindLayersPoppler();
void TurnLayersOnOffPoppler();
std::vector<std::pair<CPLString, OptionalContentGroup*> > oLayerOCGListPoppler;
@@ -3345,16 +3345,26 @@ void PDFDataset::AddLayer(const char* pszLayerName)
/************************************************************************/

void PDFDataset::ExploreLayersPoppler(GDALPDFArray* poArray,
CPLString osTopLayer,
int nRecLevel,
CPLString osTopLayer)
int& nVisited,
bool& bStop)
{
if( nRecLevel == 16 )
if( nRecLevel == 16 || nVisited == 1000 )
{
CPLError(CE_Failure, CPLE_AppDefined,
"ExploreLayersPoppler(): too deep exploration or too many items");
bStop = true;
return;
}
if( bStop )
return;

int nLength = poArray->GetLength();
CPLString osCurLayer;
for(int i=0;i<nLength;i++)
{
nVisited++;
GDALPDFObject* poObj = poArray->Get(i);
if( poObj == nullptr )
continue;
@@ -3371,7 +3381,9 @@ void PDFDataset::ExploreLayersPoppler(GDALPDFArray* poArray,
}
else if (poObj->GetType() == PDFObjectType_Array)
{
ExploreLayersPoppler(poObj->GetArray(), nRecLevel + 1, osCurLayer);
ExploreLayersPoppler(poObj->GetArray(), osCurLayer, nRecLevel + 1, nVisited, bStop);
if( bStop )
return;
osCurLayer = "";
}
else if (poObj->GetType() == PDFObjectType_Dictionary)
@@ -3419,7 +3431,9 @@ void PDFDataset::FindLayersPoppler()
if (array)
{
GDALPDFArray* poArray = GDALPDFCreateArray(array);
ExploreLayersPoppler(poArray, 0);
int nVisited = 0;
bool bStop = false;
ExploreLayersPoppler(poArray, CPLString(), 0, nVisited, bStop);
delete poArray;
}
else

0 comments on commit 68a3c68

Please sign in to comment.
You can’t perform that action at this time.