Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
/*
This file is part of the iText (R) project.
Copyright (c) 1998-2019 iText Group NV
Authors: iText Software.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License version 3
as published by the Free Software Foundation with the addition of the
following permission added to Section 15 as permitted in Section 7(a):
FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
OF THIRD PARTY RIGHTS
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program; if not, see http://www.gnu.org/licenses or write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA, 02110-1301 USA, or download the license from the following URL:
http://itextpdf.com/terms-of-use/
The interactive user interfaces in modified source and object code versions
of this program must display Appropriate Legal Notices, as required under
Section 5 of the GNU Affero General Public License.
In accordance with Section 7(b) of the GNU Affero General Public License,
a covered work must retain the producer line in every PDF that is created
or manipulated using iText.
You can be released from the requirements of the license by purchasing
a commercial license. Buying such a license is mandatory as soon as you
develop commercial activities involving the iText software without
disclosing the source code of your own applications.
These activities include: offering paid services to customers as an ASP,
serving PDFs on the fly in a web application, shipping iText with a closed
source product.
For more information, please contact iText Software Corp. at this
address: sales@itextpdf.com
*/
package com.itextpdf.kernel.pdf;

import com.itextpdf.kernel.PdfException;

import java.io.ByteArrayOutputStream;
import java.util.Arrays;

/**
* This class implements an output stream which can be used for memory limits aware decompression of pdf streams.
*/
class MemoryLimitsAwareOutputStream extends ByteArrayOutputStream {

/**
* The maximum size of array to allocate.
* Attempts to allocate larger arrays will result in an exception.
*/
private static final int DEFAULT_MAX_STREAM_SIZE = Integer.MAX_VALUE - 8;

/**
* The maximum size of array to allocate.
* Attempts to allocate larger arrays will result in an exception.
*/
private int maxStreamSize = DEFAULT_MAX_STREAM_SIZE;

/**
* Creates a new byte array output stream. The buffer capacity is
* initially 32 bytes, though its size increases if necessary.
*/
public MemoryLimitsAwareOutputStream() {
super();
}

/**
* Creates a new byte array output stream, with a buffer capacity of
* the specified size, in bytes.
*
* @param size the initial size.
* @throws IllegalArgumentException if size is negative.
*/
public MemoryLimitsAwareOutputStream(int size) {
super(size);
}

/**
* Gets the maximum size which can be occupied by this output stream.
*
* @return the maximum size which can be occupied by this output stream.
*/
public long getMaxStreamSize() {
return maxStreamSize;
}

/**
* Sets the maximum size which can be occupied by this output stream.
*
* @param maxStreamSize the maximum size which can be occupied by this output stream.
* @return this {@link MemoryLimitsAwareOutputStream}
*/
public MemoryLimitsAwareOutputStream setMaxStreamSize(int maxStreamSize) {
this.maxStreamSize = maxStreamSize;
return this;
}

/**
* {@inheritDoc}
*/
@Override
public synchronized void write(byte[] b, int off, int len) {
if ((off < 0) || (off > b.length) || (len < 0) ||
((off + len) - b.length > 0)) {
throw new IndexOutOfBoundsException();
}

int minCapacity = count + len;
if (minCapacity < 0) { // overflow
throw new MemoryLimitsAwareException(PdfException.DuringDecompressionSingleStreamOccupiedMoreThanMaxIntegerValue);
}
if (minCapacity > maxStreamSize) {
throw new MemoryLimitsAwareException(PdfException.DuringDecompressionSingleStreamOccupiedMoreMemoryThanAllowed);
}

// calculate new capacity
int oldCapacity = buf.length;
int newCapacity = oldCapacity << 1;
if (newCapacity < 0 || newCapacity - minCapacity < 0) { // overflow
newCapacity = minCapacity;
}

if (newCapacity - maxStreamSize > 0) {
newCapacity = maxStreamSize;
buf = Arrays.copyOf(buf, newCapacity);
}
super.write(b, off, len);
}
}
9 changes: 9 additions & 0 deletions kernel/src/main/java/com/itextpdf/kernel/pdf/PdfDocument.java
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,11 @@ public class PdfDocument implements IEventDispatcher, Closeable, Serializable {
*/
Map<PdfIndirectReference, byte[]> serializedObjectsCache = new HashMap<>();

/**
* Handler which will be used for decompression of pdf streams.
*/
MemoryLimitsAwareHandler memoryLimitsAwareHandler = null;

/**
* Open PDF document in reading mode.
*
Expand Down Expand Up @@ -1816,6 +1821,10 @@ protected void open(PdfVersion newPdfVersion) {
throw new PdfException(PdfException.PdfReaderHasBeenAlreadyUtilized);
}
reader.pdfDocument = this;
memoryLimitsAwareHandler = reader.properties.memoryLimitsAwareHandler;
if (null == memoryLimitsAwareHandler) {
memoryLimitsAwareHandler = new MemoryLimitsAwareHandler(reader.tokens.getSafeFile().length());
}
reader.readPdf();
for (ICounter counter : getCounters()) {
counter.onDocumentRead(reader.getFileLength());
Expand Down
10 changes: 8 additions & 2 deletions kernel/src/main/java/com/itextpdf/kernel/pdf/PdfPage.java
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,6 @@ This file is part of the iText (R) project.
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
Expand Down Expand Up @@ -736,11 +735,18 @@ public Rectangle getTrimBox() {
*/
public byte[] getContentBytes() {
try {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
MemoryLimitsAwareHandler handler = getDocument().memoryLimitsAwareHandler;
long usedMemory = null == handler ? -1 : handler.getAllMemoryUsedForDecompression();

MemoryLimitsAwareOutputStream baos = new MemoryLimitsAwareOutputStream();
int streamCount = getContentStreamCount();
byte[] streamBytes;
for (int i = 0; i < streamCount; i++) {
streamBytes = getStreamBytes(i);
// usedMemory has changed, that means that some of currently processed pdf streams are suspicious
if (null != handler && usedMemory < handler.getAllMemoryUsedForDecompression()) {
baos.setMaxStreamSize(handler.getMaxSizeOfSingleDecompressedPdfStream());
}
baos.write(streamBytes);
if (0 != streamBytes.length && !Character.isWhitespace((char) streamBytes[streamBytes.length - 1])) {
baos.write('\n');
Expand Down
29 changes: 28 additions & 1 deletion kernel/src/main/java/com/itextpdf/kernel/pdf/PdfReader.java
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,9 @@ This file is part of the iText (R) project.
import java.io.IOException;
import java.io.InputStream;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand Down Expand Up @@ -111,7 +113,6 @@ public class PdfReader implements Closeable, Serializable {
protected boolean hybridXref = false;
protected boolean fixedXref = false;
protected boolean xrefStm = false;

/**
* Constructs a new PdfReader.
*
Expand Down Expand Up @@ -387,6 +388,26 @@ public static byte[] decodeBytes(byte[] b, PdfDictionary streamDictionary, Map<P
filters = ((PdfArray) filter);
}
}

MemoryLimitsAwareHandler memoryLimitsAwareHandler = null;
if (null != streamDictionary.getIndirectReference()) {
memoryLimitsAwareHandler = streamDictionary.getIndirectReference().getDocument().memoryLimitsAwareHandler;
}
if (null != memoryLimitsAwareHandler) {
HashSet<PdfName> filterSet = new HashSet<>();
int index;
for (index = 0; index < filters.size(); index++) {
PdfName filterName = filters.getAsName(index);
if (!filterSet.add(filterName)) {
memoryLimitsAwareHandler.beginDecompressedPdfStreamProcessing();
break;
}
}
if (index == filters.size()) { // The stream isn't suspicious. We shouldn't process it.
memoryLimitsAwareHandler = null;
}
}

PdfArray dp = new PdfArray();
PdfObject dpo = streamDictionary.get(PdfName.DecodeParms);
if (dpo == null || (dpo.getType() != PdfObject.DICTIONARY && dpo.getType() != PdfObject.ARRAY)) {
Expand Down Expand Up @@ -421,6 +442,12 @@ public static byte[] decodeBytes(byte[] b, PdfDictionary streamDictionary, Map<P
decodeParams = null;
}
b = filterHandler.decode(b, filterName, decodeParams, streamDictionary);
if (null != memoryLimitsAwareHandler) {
memoryLimitsAwareHandler.considerBytesOccupiedByDecompressedPdfStream(b.length);
}
}
if (null != memoryLimitsAwareHandler) {
memoryLimitsAwareHandler.endDecompressedPdfStreamProcessing();
}
return b;
}
Expand Down
15 changes: 15 additions & 0 deletions kernel/src/main/java/com/itextpdf/kernel/pdf/ReaderProperties.java
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ This file is part of the iText (R) project.
package com.itextpdf.kernel.pdf;

import com.itextpdf.kernel.security.IExternalDecryptionProcess;

import java.io.Serializable;
import java.security.Key;
import java.security.cert.Certificate;
Expand All @@ -59,9 +60,12 @@ public class ReaderProperties implements Serializable {
protected String certificateKeyProvider; //added by Aiken Sam for certificate decryption
protected IExternalDecryptionProcess externalDecryptionProcess;

protected MemoryLimitsAwareHandler memoryLimitsAwareHandler;

/**
* Defines the password which will be used if the document is encrypted with standard encryption.
* This could be either user or owner password.
*
* @param password the password to use in order to open the document.
*/
public ReaderProperties setPassword(byte[] password) {
Expand Down Expand Up @@ -101,4 +105,15 @@ private void clearEncryptionParams() {
this.certificateKeyProvider = null;
this.externalDecryptionProcess = null;
}
/**
* Sets the memory handler which will be used to handle decompressed pdf streams.
*
* @param memoryLimitsAwareHandler the memory handler which will be used to handle decompressed pdf streams
* @return this {@link ReaderProperties} instance.
*/
public ReaderProperties setMemoryLimitsAwareHandler(MemoryLimitsAwareHandler memoryLimitsAwareHandler) {
this.memoryLimitsAwareHandler = memoryLimitsAwareHandler;
return this;
}

}
Original file line number Diff line number Diff line change
Expand Up @@ -54,8 +54,8 @@ This file is part of the iText (R) project.
import com.itextpdf.kernel.pdf.PdfStream;
import com.itextpdf.kernel.pdf.filters.DoNothingFilter;
import com.itextpdf.kernel.pdf.filters.FilterHandlers;
import com.itextpdf.kernel.pdf.filters.FlateDecodeFilter;
import com.itextpdf.kernel.pdf.filters.IFilterHandler;
import com.itextpdf.kernel.pdf.filters.FlateDecodeStrictFilter;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
Expand Down Expand Up @@ -397,7 +397,7 @@ private static boolean inlineImageStreamBytesAreComplete(byte[] samples, PdfDict
filters.put(PdfName.DCTDecode, stubfilter);
filters.put(PdfName.JBIG2Decode, stubfilter);
filters.put(PdfName.JPXDecode, stubfilter);
((FlateDecodeFilter) filters.get(PdfName.FlateDecode)).setStrictDecoding(true);
filters.put(PdfName.FlateDecode, new FlateDecodeStrictFilter());
PdfReader.decodeBytes(samples, imageDictionary, filters);
} catch (Exception ex) {
return false;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,22 +43,28 @@ This file is part of the iText (R) project.
*/
package com.itextpdf.kernel.pdf.filters;

import com.itextpdf.kernel.PdfException;
import com.itextpdf.io.source.PdfTokenizer;
import com.itextpdf.kernel.PdfException;
import com.itextpdf.kernel.pdf.MemoryLimitsAwareFilter;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfObject;

import java.io.ByteArrayOutputStream;


/**
* Handles ASCII85Decode filter
*/
public class ASCII85DecodeFilter implements IFilterHandler {
public class ASCII85DecodeFilter extends MemoryLimitsAwareFilter {

/**
* {@inheritDoc}
*/
@Override
public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDictionary streamDictionary) {
b = ASCII85Decode(b);
ByteArrayOutputStream outputStream = enableMemoryLimitsAwareHandler(streamDictionary);
b = ASCII85Decode(b, outputStream);
return b;
}

Expand All @@ -69,7 +75,17 @@ public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDi
* @return the decoded byte[]
*/
public static byte[] ASCII85Decode(byte[] in) {
ByteArrayOutputStream out = new ByteArrayOutputStream();
return ASCII85Decode(in, new ByteArrayOutputStream());
}

/**
* Decodes the input bytes according to ASCII85.
*
* @param in the byte[] to be decoded
* @param out the out stream which will be used to write the bytes.
* @return the decoded byte[]
*/
private static byte[] ASCII85Decode(byte[] in, ByteArrayOutputStream out) {
int state = 0;
int[] chn = new int[5];
for (int k = 0; k < in.length; ++k) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,9 +43,10 @@ This file is part of the iText (R) project.
*/
package com.itextpdf.kernel.pdf.filters;

import com.itextpdf.kernel.PdfException;
import com.itextpdf.io.source.ByteBuffer;
import com.itextpdf.io.source.PdfTokenizer;
import com.itextpdf.kernel.PdfException;
import com.itextpdf.kernel.pdf.MemoryLimitsAwareFilter;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfObject;
Expand All @@ -55,11 +56,15 @@ This file is part of the iText (R) project.
/**
* Handles ASCIIHexDecode filter
*/
public class ASCIIHexDecodeFilter implements IFilterHandler {
public class ASCIIHexDecodeFilter extends MemoryLimitsAwareFilter {

/**
* {@inheritDoc}
*/
@Override
public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDictionary streamDictionary) {
b = ASCIIHexDecode(b);
ByteArrayOutputStream outputStream = enableMemoryLimitsAwareHandler(streamDictionary);
b = ASCIIHexDecode(b, outputStream);
return b;
}

Expand All @@ -70,7 +75,17 @@ public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDi
* @return decoded byte[]
*/
public static byte[] ASCIIHexDecode(byte[] in) {
ByteArrayOutputStream out = new ByteArrayOutputStream();
return ASCIIHexDecode(in, new ByteArrayOutputStream());
}

/**
* Decodes a byte[] according to ASCII Hex encoding.
*
* @param in byte[] to be decoded
* @param out the out stream which will be used to write the bytes.
* @return decoded byte[]
*/
private static byte[] ASCIIHexDecode(byte[] in, ByteArrayOutputStream out) {
boolean first = true;
int n1 = 0;
for (int k = 0; k < in.length; ++k) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ This file is part of the iText (R) project.
/**
* Handles CCITTFaxDecode filter
*/
public class CCITTFaxDecodeFilter implements IFilterHandler {
public class CCITTFaxDecodeFilter implements IFilterHandler {

@Override
public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDictionary streamDictionary) {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,8 @@ This file is part of the iText (R) project.
package com.itextpdf.kernel.pdf.filters;

import com.itextpdf.kernel.PdfException;
import com.itextpdf.kernel.pdf.MemoryLimitsAwareException;
import com.itextpdf.kernel.pdf.MemoryLimitsAwareFilter;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfNumber;
Expand All @@ -58,12 +60,7 @@ This file is part of the iText (R) project.
/**
* Handles FlateDecode filter.
*/
public class FlateDecodeFilter implements IFilterHandler {

/**
* Defines how the corrupted streams should be treated.
*/
private boolean strictDecoding = false;
public class FlateDecodeFilter extends MemoryLimitsAwareFilter {

/**
* Creates a FlateDecodeFilter.
Expand All @@ -76,7 +73,9 @@ public FlateDecodeFilter() {
* Creates a FlateDecodeFilter.
*
* @param strictDecoding defines whether the decoder will try to read a corrupted stream
* @deprecated will be removed in 7.2, use {@link FlateDecodeStrictFilter} instead.
*/
@Deprecated
public FlateDecodeFilter(boolean strictDecoding) {
this.strictDecoding = strictDecoding;
}
Expand All @@ -85,7 +84,9 @@ public FlateDecodeFilter(boolean strictDecoding) {
* Checks whether the decoder will try to read a corrupted stream (not strict) or not (strict)
*
* @return true if the decoder will try to read a corrupted stream otherwise false
* @deprecated will be removed in 7.2, use {@link FlateDecodeStrictFilter} instead.
*/
@Deprecated
public boolean isStrictDecoding() {
return strictDecoding;
}
Expand All @@ -95,22 +96,37 @@ public boolean isStrictDecoding() {
*
* @param strict true if the decoder should try to read a corrupted stream otherwise false
* @return the decoder
* @deprecated will be removed in 7.2, use {@link FlateDecodeStrictFilter} instead.
*/
@Deprecated
public FlateDecodeFilter setStrictDecoding(boolean strict) {
this.strictDecoding = strict;
return this;
}

/**
* {@inheritDoc}
*/
@Override
public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDictionary streamDictionary) {
byte[] res = flateDecode(b, true);
ByteArrayOutputStream outputStream = enableMemoryLimitsAwareHandler(streamDictionary);
byte[] res = flateDecode(b, true, outputStream);
if (res == null && !strictDecoding) {
res = flateDecode(b, false);
outputStream.reset();
res = flateDecode(b, false, outputStream);
}
b = decodePredictor(res, decodeParams);
return b;
}

/**
* Defines how the corrupted streams should be treated.
*
* @deprecated will be removed in 7.2, use {@link FlateDecodeStrictFilter} instead.
*/
@Deprecated
private boolean strictDecoding = false;

/**
* A helper to flateDecode.
*
Expand All @@ -119,9 +135,20 @@ public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDi
* @return the decoded data
*/
public static byte[] flateDecode(byte[] in, boolean strict) {
return flateDecode(in, strict, new ByteArrayOutputStream());
}

/**
* A helper to flateDecode.
*
* @param in the input data
* @param strict {@code true} to read a correct stream. {@code false} to try to read a corrupted stream.
* @param out the out stream which will be used to write the bytes.
* @return the decoded data
*/
private static byte[] flateDecode(byte[] in, boolean strict, ByteArrayOutputStream out) {
ByteArrayInputStream stream = new ByteArrayInputStream(in);
InflaterInputStream zip = new InflaterInputStream(stream);
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] b = new byte[strict ? 4092 : 1];
try {
int n;
Expand All @@ -131,9 +158,12 @@ public static byte[] flateDecode(byte[] in, boolean strict) {
zip.close();
out.close();
return out.toByteArray();
} catch (MemoryLimitsAwareException e) {
throw e;
} catch (Exception e) {
if (strict)
if (strict) {
return null;
}
return out.toByteArray();
}
}
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
/*
This file is part of the iText (R) project.
Copyright (c) 1998-2019 iText Group NV
Authors: iText Software.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License version 3
as published by the Free Software Foundation with the addition of the
following permission added to Section 15 as permitted in Section 7(a):
FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
OF THIRD PARTY RIGHTS
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program; if not, see http://www.gnu.org/licenses or write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA, 02110-1301 USA, or download the license from the following URL:
http://itextpdf.com/terms-of-use/
The interactive user interfaces in modified source and object code versions
of this program must display Appropriate Legal Notices, as required under
Section 5 of the GNU Affero General Public License.
In accordance with Section 7(b) of the GNU Affero General Public License,
a covered work must retain the producer line in every PDF that is created
or manipulated using iText.
You can be released from the requirements of the license by purchasing
a commercial license. Buying such a license is mandatory as soon as you
develop commercial activities involving the iText software without
disclosing the source code of your own applications.
These activities include: offering paid services to customers as an ASP,
serving PDFs on the fly in a web application, shipping iText with a closed
source product.
For more information, please contact iText Software Corp. at this
address: sales@itextpdf.com
*/
package com.itextpdf.kernel.pdf.filters;

import com.itextpdf.kernel.pdf.MemoryLimitsAwareException;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfObject;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.zip.InflaterInputStream;

/**
* Handles strict FlateDecode filter.
*/
public class FlateDecodeStrictFilter extends FlateDecodeFilter {

/**
* {@inheritDoc}
*/
@Override
public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDictionary streamDictionary) {
ByteArrayOutputStream outputStream = enableMemoryLimitsAwareHandler(streamDictionary);
byte[] res = flateDecode(b, outputStream);
b = decodePredictor(res, decodeParams);
return b;
}

/**
* A helper to flateDecode.
*
* @param in the input data
* @param out the out stream which will be used to write the bytes.
* @return the decoded data
*/
private static byte[] flateDecode(byte[] in, ByteArrayOutputStream out) {
ByteArrayInputStream stream = new ByteArrayInputStream(in);
InflaterInputStream zip = new InflaterInputStream(stream);
byte[] b = new byte[4092];
try {
int n;
while ((n = zip.read(b)) >= 0) {
out.write(b, 0, n);
}
zip.close();
out.close();
return out.toByteArray();
} catch (MemoryLimitsAwareException e) {
throw e;
} catch (Exception e) {
return null;
}
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ This file is part of the iText (R) project.
*/
package com.itextpdf.kernel.pdf.filters;

import com.itextpdf.kernel.pdf.MemoryLimitsAwareFilter;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfObject;
Expand All @@ -52,11 +53,15 @@ This file is part of the iText (R) project.
/**
* Handles LZWDECODE filter
*/
public class LZWDecodeFilter implements IFilterHandler {
public class LZWDecodeFilter extends MemoryLimitsAwareFilter {

/**
* {@inheritDoc}
*/
@Override
public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDictionary streamDictionary) {
b = LZWDecode(b);
ByteArrayOutputStream outputStream = enableMemoryLimitsAwareHandler(streamDictionary);
b = LZWDecode(b, outputStream);
b = FlateDecodeFilter.decodePredictor(b, decodeParams);
return b;
}
Expand All @@ -68,7 +73,17 @@ public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDi
* @return decoded byte[]
*/
public static byte[] LZWDecode(byte[] in) {
ByteArrayOutputStream out = new ByteArrayOutputStream();
return LZWDecode(in, new ByteArrayOutputStream());
}

/**
* Decodes a byte[] according to the LZW encoding.
*
* @param in byte[] to be decoded
* @param out the out stream which will be used to write the bytes.
* @return decoded byte[]
*/
private static byte[] LZWDecode(byte[] in, ByteArrayOutputStream out) {
LZWDecoder lzw = new LZWDecoder();
lzw.decode(in, out);
return out.toByteArray();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ This file is part of the iText (R) project.
*/
package com.itextpdf.kernel.pdf.filters;

import com.itextpdf.kernel.pdf.MemoryLimitsAwareFilter;
import com.itextpdf.kernel.pdf.PdfDictionary;
import com.itextpdf.kernel.pdf.PdfName;
import com.itextpdf.kernel.pdf.PdfObject;
Expand All @@ -52,11 +53,14 @@ This file is part of the iText (R) project.
/**
* Handles RunLengthDecode filter.
*/
public class RunLengthDecodeFilter implements IFilterHandler {
public class RunLengthDecodeFilter extends MemoryLimitsAwareFilter {

/**
* {@inheritDoc}
*/
@Override
public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDictionary streamDictionary) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
ByteArrayOutputStream outputStream = enableMemoryLimitsAwareHandler(streamDictionary);
byte dupCount;
for (int i = 0; i < b.length; i++) {
dupCount = b[i];
Expand All @@ -65,15 +69,15 @@ public byte[] decode(byte[] b, PdfName filterName, PdfObject decodeParams, PdfDi
}
if ((dupCount & 0x80) == 0) {
int bytesToCopy = dupCount + 1;
baos.write(b, i + 1, bytesToCopy);
outputStream.write(b, i + 1, bytesToCopy);
i += bytesToCopy;
} else { // make dupcount copies of the next byte
i++;
for (int j = 0; j < 257 - (dupCount & 0xff); j++) {
baos.write(b[i]);
outputStream.write(b[i]);
}
}
}
return baos.toByteArray();
return outputStream.toByteArray();
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,155 @@
/*
This file is part of the iText (R) project.
Copyright (c) 1998-2019 iText Group NV
Authors: iText Software.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License version 3
as published by the Free Software Foundation with the addition of the
following permission added to Section 15 as permitted in Section 7(a):
FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
OF THIRD PARTY RIGHTS
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program; if not, see http://www.gnu.org/licenses or write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA, 02110-1301 USA, or download the license from the following URL:
http://itextpdf.com/terms-of-use/
The interactive user interfaces in modified source and object code versions
of this program must display Appropriate Legal Notices, as required under
Section 5 of the GNU Affero General Public License.
In accordance with Section 7(b) of the GNU Affero General Public License,
a covered work must retain the producer line in every PDF that is created
or manipulated using iText.
You can be released from the requirements of the license by purchasing
a commercial license. Buying such a license is mandatory as soon as you
develop commercial activities involving the iText software without
disclosing the source code of your own applications.
These activities include: offering paid services to customers as an ASP,
serving PDFs on the fly in a web application, shipping iText with a closed
source product.
For more information, please contact iText Software Corp. at this
address: sales@itextpdf.com
*/
package com.itextpdf.kernel.pdf;


import com.itextpdf.kernel.PdfException;
import com.itextpdf.test.annotations.type.UnitTest;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;

@Category(UnitTest.class)
public class MemoryLimitsAwareHandlerTest {

@Test
public void defaultMemoryHandler() {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();

Assert.assertEquals(Integer.MAX_VALUE / 100, handler.getMaxSizeOfSingleDecompressedPdfStream());
Assert.assertEquals(Integer.MAX_VALUE / 20, handler.getMaxSizeOfDecompressedPdfStreamsSum());
}

@Test
public void customMemoryHandler() {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler(1000000);

Assert.assertEquals(100000000, handler.getMaxSizeOfSingleDecompressedPdfStream());
Assert.assertEquals(500000000, handler.getMaxSizeOfDecompressedPdfStreamsSum());
}

@Test
public void defaultSingleMemoryHandler() {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();

testSingleStream(handler);
}

@Test
public void defaultMultipleMemoryHandler() {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();

testMultipleStreams(handler);
}

@Test
public void considerBytesTest() {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();

long state1 = handler.getAllMemoryUsedForDecompression();

handler.considerBytesOccupiedByDecompressedPdfStream(100);
long state2 = handler.getAllMemoryUsedForDecompression();

Assert.assertEquals(state1, state2);

handler.beginDecompressedPdfStreamProcessing();
handler.considerBytesOccupiedByDecompressedPdfStream(100);
long state3 = handler.getAllMemoryUsedForDecompression();
Assert.assertEquals(state1, state3);

handler.considerBytesOccupiedByDecompressedPdfStream(80);
long state4 = handler.getAllMemoryUsedForDecompression();
Assert.assertEquals(state1, state4);

handler.endDecompressedPdfStreamProcessing();
long state5 = handler.getAllMemoryUsedForDecompression();
Assert.assertEquals(state1 + 100, state5);
}

private static void testSingleStream(MemoryLimitsAwareHandler handler) {
String expectedExceptionMessage = PdfException.DuringDecompressionSingleStreamOccupiedMoreMemoryThanAllowed;
int expectedFailureIndex = 10;
String occuredExceptionMessage = null;

int limit = handler.getMaxSizeOfSingleDecompressedPdfStream();

long step = limit / 10;

int i = 0;
try {
handler.beginDecompressedPdfStreamProcessing();
for (i = 0; i < 11; i++) {
handler.considerBytesOccupiedByDecompressedPdfStream(step * (1 + i));
}
handler.endDecompressedPdfStreamProcessing();
} catch (MemoryLimitsAwareException e) {
occuredExceptionMessage = e.getMessage();
}
Assert.assertEquals(expectedFailureIndex, i);
Assert.assertEquals(expectedExceptionMessage, occuredExceptionMessage);
}

private static void testMultipleStreams(MemoryLimitsAwareHandler handler) {
String expectedExceptionMessage = PdfException.DuringDecompressionMultipleStreamsInSumOccupiedMoreMemoryThanAllowed;
int expectedFailureIndex = 10;
String occuredExceptionMessage = null;

int i = 0;
try {
long limit = handler.getMaxSizeOfDecompressedPdfStreamsSum();
long step = limit / 10;

for (i = 0; i < 11; i++) {
handler.beginDecompressedPdfStreamProcessing();
handler.considerBytesOccupiedByDecompressedPdfStream(step);
handler.endDecompressedPdfStreamProcessing();
}
} catch (MemoryLimitsAwareException e) {
occuredExceptionMessage = e.getMessage();
}
Assert.assertEquals(expectedFailureIndex, i);
Assert.assertEquals(expectedExceptionMessage, occuredExceptionMessage);
}

}
Original file line number Diff line number Diff line change
@@ -0,0 +1,95 @@
/*
This file is part of the iText (R) project.
Copyright (c) 1998-2019 iText Group NV
Authors: iText Software.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License version 3
as published by the Free Software Foundation with the addition of the
following permission added to Section 15 as permitted in Section 7(a):
FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
OF THIRD PARTY RIGHTS
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program; if not, see http://www.gnu.org/licenses or write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA, 02110-1301 USA, or download the license from the following URL:
http://itextpdf.com/terms-of-use/
The interactive user interfaces in modified source and object code versions
of this program must display Appropriate Legal Notices, as required under
Section 5 of the GNU Affero General Public License.
In accordance with Section 7(b) of the GNU Affero General Public License,
a covered work must retain the producer line in every PDF that is created
or manipulated using iText.
You can be released from the requirements of the license by purchasing
a commercial license. Buying such a license is mandatory as soon as you
develop commercial activities involving the iText software without
disclosing the source code of your own applications.
These activities include: offering paid services to customers as an ASP,
serving PDFs on the fly in a web application, shipping iText with a closed
source product.
For more information, please contact iText Software Corp. at this
address: sales@itextpdf.com
*/
package com.itextpdf.kernel.pdf;

import com.itextpdf.kernel.PdfException;
import com.itextpdf.test.annotations.type.UnitTest;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.junit.rules.ExpectedException;

@Category(UnitTest.class)
public class MemoryLimitsAwareOutputStreamTest {

@Rule
public ExpectedException junitExpectedException = ExpectedException.none();

@Test
public void testMaxSize() {
junitExpectedException.expect(MemoryLimitsAwareException.class);
byte[] bigArray = new byte[70];
byte[] smallArray = new byte[31];

MemoryLimitsAwareOutputStream stream = new MemoryLimitsAwareOutputStream();

stream.setMaxStreamSize(100);
Assert.assertEquals(100, stream.getMaxStreamSize());

stream.write(bigArray, 0, bigArray.length);
Assert.assertEquals(bigArray.length, stream.size());

stream.write(smallArray, 0, smallArray.length);
}

@Test
public void testNegativeSize() {
junitExpectedException.expect(MemoryLimitsAwareException.class);
byte[] zeroArray = new byte[0];

MemoryLimitsAwareOutputStream stream = new MemoryLimitsAwareOutputStream();

stream.setMaxStreamSize(-100);
Assert.assertEquals(-100, stream.getMaxStreamSize());

stream.write(zeroArray, 0, zeroArray.length);
}

@Test
public void testIncorrectLength() {
junitExpectedException.expect(IndexOutOfBoundsException.class);
MemoryLimitsAwareOutputStream stream = new MemoryLimitsAwareOutputStream();
stream.write(new byte[1],0, -1);
}
}
286 changes: 286 additions & 0 deletions kernel/src/test/java/com/itextpdf/kernel/pdf/PdfReaderDecodeTest.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,286 @@
/*
This file is part of the iText (R) project.
Copyright (c) 1998-2019 iText Group NV
Authors: iText Software.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License version 3
as published by the Free Software Foundation with the addition of the
following permission added to Section 15 as permitted in Section 7(a):
FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
OF THIRD PARTY RIGHTS
This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program; if not, see http://www.gnu.org/licenses or write to
the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA, 02110-1301 USA, or download the license from the following URL:
http://itextpdf.com/terms-of-use/
The interactive user interfaces in modified source and object code versions
of this program must display Appropriate Legal Notices, as required under
Section 5 of the GNU Affero General Public License.
In accordance with Section 7(b) of the GNU Affero General Public License,
a covered work must retain the producer line in every PDF that is created
or manipulated using iText.
You can be released from the requirements of the license by purchasing
a commercial license. Buying such a license is mandatory as soon as you
develop commercial activities involving the iText software without
disclosing the source code of your own applications.
These activities include: offering paid services to customers as an ASP,
serving PDFs on the fly in a web application, shipping iText with a closed
source product.
For more information, please contact iText Software Corp. at this
address: sales@itextpdf.com
*/
package com.itextpdf.kernel.pdf;

import com.itextpdf.io.LogMessageConstant;
import com.itextpdf.kernel.PdfException;
import com.itextpdf.test.ExtendedITextTest;
import com.itextpdf.test.annotations.LogMessage;
import com.itextpdf.test.annotations.LogMessages;
import com.itextpdf.test.annotations.type.IntegrationTest;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;

import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;

@Category(IntegrationTest.class)
public class PdfReaderDecodeTest extends ExtendedITextTest {

public static final String sourceFolder = "./src/test/resources/com/itextpdf/kernel/pdf/PdfReaderDecodeTest/";
public static final String destinationFolder = "./target/test/com/itextpdf/kernel/pdf/PdfReaderDecodeTest/";


@BeforeClass
public static void beforeClass() {
createDestinationFolder(destinationFolder);
}

@Test
public void noMemoryHandlerTest() throws IOException {
PdfDocument pdfDocument = new PdfDocument(new PdfWriter(new ByteArrayOutputStream()));

FileInputStream is = new FileInputStream(sourceFolder + "stream");
byte[] b = new byte[51];
is.read(b);

PdfArray array = new PdfArray();

PdfStream stream = new PdfStream(b);
stream.put(PdfName.Filter, array);
stream.makeIndirect(pdfDocument);

Assert.assertEquals(51, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(40, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(992, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(1000000, PdfReader.decodeBytes(b, stream).length);
}

@Test
@LogMessages(messages = {
@LogMessage(messageTemplate = LogMessageConstant.INVALID_INDIRECT_REFERENCE),
@LogMessage(messageTemplate = LogMessageConstant.XREF_ERROR)
})
public void defaultMemoryHandlerTest() throws IOException {
PdfDocument pdfDocument = new PdfDocument(new PdfReader(sourceFolder + "timing.pdf"), new PdfWriter(new ByteArrayOutputStream()));

PdfStream stream = pdfDocument.getFirstPage().getContentStream(0);
byte[] b = stream.getBytes(false);

PdfArray array = new PdfArray();
stream.put(PdfName.Filter, array);

Assert.assertEquals(51, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(40, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(992, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(1000000, PdfReader.decodeBytes(b, stream).length);
}

@Test
@LogMessages(messages = {
@LogMessage(messageTemplate = LogMessageConstant.INVALID_INDIRECT_REFERENCE),
@LogMessage(messageTemplate = LogMessageConstant.XREF_ERROR)
})
public void customMemoryHandlerSingleTest() throws IOException {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();
handler.setMaxSizeOfSingleDecompressedPdfStream(1000);

PdfDocument pdfDocument = new PdfDocument(
new PdfReader(sourceFolder + "timing.pdf",
new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
new PdfWriter(new ByteArrayOutputStream()));

PdfStream stream = pdfDocument.getFirstPage().getContentStream(0);
byte[] b = stream.getBytes(false);

PdfArray array = new PdfArray();
stream.put(PdfName.Filter, array);

Assert.assertEquals(51, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(40, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
Assert.assertEquals(992, PdfReader.decodeBytes(b, stream).length);

array.add(PdfName.Fl);
String expectedExceptionMessage = PdfException.DuringDecompressionSingleStreamOccupiedMoreMemoryThanAllowed;
String thrownExceptionMessage = null;
try {
PdfReader.decodeBytes(b, stream);
} catch (MemoryLimitsAwareException e) {
thrownExceptionMessage = e.getMessage();
}
Assert.assertEquals(expectedExceptionMessage, thrownExceptionMessage);
}

@Test
@LogMessages(messages = {
@LogMessage(messageTemplate = LogMessageConstant.INVALID_INDIRECT_REFERENCE),
@LogMessage(messageTemplate = LogMessageConstant.XREF_ERROR)
})
public void oneFilterCustomMemoryHandlerSingleTest() throws IOException {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();
handler.setMaxSizeOfSingleDecompressedPdfStream(20);

PdfDocument pdfDocument = new PdfDocument(
new PdfReader(sourceFolder + "timing.pdf",
new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
new PdfWriter(new ByteArrayOutputStream()));

PdfStream stream = pdfDocument.getFirstPage().getContentStream(0);
byte[] b = stream.getBytes(false);

PdfArray array = new PdfArray();
stream.put(PdfName.Filter, array);

// Limit is reached, but the stream has no filters. Therefore we don't consider ot to be suspicious
Assert.assertEquals(51, PdfReader.decodeBytes(b, stream).length);

// Limit is reached, but the stream has only one filter. Therefore we don't consider ot to be suspicious
array.add(PdfName.Fl);
Assert.assertEquals(40, PdfReader.decodeBytes(b, stream).length);
}

@Test
public void differentFiltersEmptyTest() {
byte[] b = new byte[1000];

PdfArray array = new PdfArray();
array.add(PdfName.Fl);
array.add(PdfName.AHx);
array.add(PdfName.A85);
array.add(PdfName.RunLengthDecode);

PdfStream stream = new PdfStream(b);
stream.put(PdfName.Filter, array);

Assert.assertEquals(0, PdfReader.decodeBytes(b, stream).length);
}

@Test
@LogMessages(messages = {
@LogMessage(messageTemplate = LogMessageConstant.INVALID_INDIRECT_REFERENCE),
@LogMessage(messageTemplate = LogMessageConstant.XREF_ERROR)
})
public void customMemoryHandlerSumTest() throws IOException {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();
handler.setMaxSizeOfDecompressedPdfStreamsSum(100000);

PdfDocument pdfDocument = new PdfDocument(
new PdfReader(sourceFolder + "timing.pdf",
new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
new PdfWriter(new ByteArrayOutputStream()));

PdfStream stream = pdfDocument.getFirstPage().getContentStream(0);
byte[] b = stream.getBytes(false);

String expectedExceptionMessage = PdfException.DuringDecompressionMultipleStreamsInSumOccupiedMoreMemoryThanAllowed;
String thrownExceptionMessage = null;
try {
PdfReader.decodeBytes(b, stream);
} catch (MemoryLimitsAwareException e) {
thrownExceptionMessage = e.getMessage();
}
Assert.assertEquals(expectedExceptionMessage, thrownExceptionMessage);
}

@Test
@LogMessages(messages = {
@LogMessage(messageTemplate = LogMessageConstant.INVALID_INDIRECT_REFERENCE),
@LogMessage(messageTemplate = LogMessageConstant.XREF_ERROR)
})
public void pageSumTest() throws IOException {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();
handler.setMaxSizeOfDecompressedPdfStreamsSum(1500000);

PdfDocument pdfDocument = new PdfDocument(
new PdfReader(sourceFolder + "timing.pdf",
new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
new PdfWriter(new ByteArrayOutputStream()));


String expectedExceptionMessage = PdfException.DuringDecompressionMultipleStreamsInSumOccupiedMoreMemoryThanAllowed;
String thrownExceptionMessage = null;
try {
pdfDocument.getFirstPage().getContentBytes();
} catch (MemoryLimitsAwareException e) {
thrownExceptionMessage = e.getMessage();
}
Assert.assertEquals(expectedExceptionMessage, thrownExceptionMessage);
}

@Test
@LogMessages(messages = {
@LogMessage(messageTemplate = LogMessageConstant.INVALID_INDIRECT_REFERENCE),
@LogMessage(messageTemplate = LogMessageConstant.XREF_ERROR)
})
public void pageAsSingleStreamTest() throws IOException {
MemoryLimitsAwareHandler handler = new MemoryLimitsAwareHandler();
handler.setMaxSizeOfSingleDecompressedPdfStream(1500000);

PdfDocument pdfDocument = new PdfDocument(
new PdfReader(sourceFolder + "timing.pdf",
new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
new PdfWriter(new ByteArrayOutputStream()));


String expectedExceptionMessage = PdfException.DuringDecompressionSingleStreamOccupiedMoreMemoryThanAllowed;
String thrownExceptionMessage = null;
try {
pdfDocument.getFirstPage().getContentBytes();
} catch (MemoryLimitsAwareException e) {
thrownExceptionMessage = e.getMessage();
}
Assert.assertEquals(expectedExceptionMessage, thrownExceptionMessage);
}
}
Binary file not shown.
Binary file not shown.