A hangs close to ten minutes in qpdf #243

Closed
Krace opened this issue Oct 6, 2018 · 24 comments

Comments

@Krace

Krace commented Oct 6, 2018

Hi, I found something that may be wrong in the newest qpdf.
The PoC file will cause the program to hang for about ten minutes.
Maybe this is a bug, or a feature?
poc.pdf

and I found that it may be caused by unparseObject in libqpdf/QPDFWriter.cc; here is a backtrace:

#0  QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x25, flags=0x0) at libqpdf/QPDFWriter.cc:1182
#1  0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#2  0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#3  0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x24, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#4  0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#5  0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#6  0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x23, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#7  0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#8  0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#9  0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x22, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#10 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#11 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#12 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x21, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#13 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#14 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#15 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x20, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#16 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#17 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#18 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x1f, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#19 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#20 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#21 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x1e, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#22 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#23 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#24 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x1d, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#25 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#26 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#27 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x1c, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#28 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#29 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#30 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x1b, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#31 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#32 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#33 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x1a, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#34 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#35 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#36 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x19, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#37 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#38 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#39 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x18, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#40 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#41 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#42 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x17, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#43 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#44 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#45 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x16, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#46 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#47 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#48 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x15, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#49 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#50 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#51 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x14, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#52 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#53 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#54 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x13, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#55 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#56 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#57 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x12, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#58 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#59 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#60 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x11, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#61 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#62 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#63 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x10, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#64 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#65 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#66 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0xf, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#67 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#68 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#69 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0xe, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#70 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#71 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#72 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0xd, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#73 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#74 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#75 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0xc, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#76 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#77 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#78 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0xb, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#79 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#80 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#81 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0xa, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#82 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#83 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#84 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x9, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#85 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#86 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#87 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x8, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#88 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#89 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#90 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x7, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#91 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#92 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#93 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x6, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#94 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#95 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#96 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x5, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#97 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#98 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#99 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x4, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#100 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#101 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#102 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x3, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#103 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#104 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#105 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x2, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#106 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#107 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#108 0x00007ffff7a4dcf0 in QPDFWriter::unparseChild (this=0x7fffffffe070, child=..., level=0x1, flags=0x0) at libqpdf/QPDFWriter.cc:1195
#109 0x00007ffff7a62cf0 in QPDFWriter::unparseObject (this=0x7fffffffe070, object=..., level=<optimized out>, flags=0x0, stream_length=0x0,
    compress=0x0) at libqpdf/QPDFWriter.cc:1544
#110 0x00007ffff7a4e4cb in QPDFWriter::unparseObject (this=0x7ffff7fe8030, object=..., level=0x64edd0, flags=0xe799) at libqpdf/QPDFWriter.cc:1310
#111 0x00007ffff7a7b8b8 in QPDFWriter::writeObject (this=0x7fffffffe070, object=..., object_stream_index=<optimized out>)
    at libqpdf/QPDFWriter.cc:1967
#112 0x00007ffff7a90c17 in QPDFWriter::writeStandard (this=0x7fffffffe070) at libqpdf/QPDFWriter.cc:3397
#113 0x00007ffff7a8580f in QPDFWriter::write (this=0x7fffffffe070) at libqpdf/QPDFWriter.cc:2526
#114 0x0000000000412eb2 in write_outfile (pdf=..., o=...) at qpdf/qpdf.cc:2618
#115 main (argc=<optimized out>, argv=<optimized out>) at qpdf/qpdf.cc:2700
#116 0x00007ffff694ad20 in __libc_start_main () from /lib64/libc.so.6
#117 0x0000000000405ba9 in _start ()

Looking forward to your reply, thx :)

@carnil

carnil commented Oct 6, 2018

This issue was assigned CVE-2018-18020.

@jberkenbilt
Contributor

This is a pretty heavily damaged PDF file, but I think qpdf is handling it in a reasonable way.

@carnil For what it's worth, when I run the latest qpdf on this on my Linux VM running on my mac, it finishes in under a minute, uses a reasonable and constant amount of memory, and does not crash. When I run it under address sanitizer, it shows no incorrect memory access, unfreed objects, etc. I doubt a CVE is justified here. As far as I can tell, qpdf is robustly handling a very broken file. Is there a specific reason this has been assigned a CVE?

@jberkenbilt
Contributor

I don't believe there is unbounded recursion here. While QPDFWriter calls unparseObject recursively, earlier CVE fixes bound the depth of objects that QPDF will create. As far as I can tell, that protection is working and is preventing QPDFWriter from unbounded recursion. In fact, the checking introduced in the fix to CVE-2018-9918 is actually triggered by this file. The message "ignoring excessively deeply nested data structure" appears twice in the output.

@carnil

carnil commented Oct 8, 2018

@jberkenbilt

This is a pretty heavily damaged PDF file, but I think qpdf is handling it in a reasonable way.

@carnil For what it's worth, when I run the latest qpdf on this on my Linux VM running on my mac, it finishes in under a minute, uses a reasonable and constant amount of memory, and does not crash. When I run it under address sanitizer, it shows no incorrect memory access, unfreed objects, etc. I doubt a CVE is justified here. As far as I can tell, qpdf is robustly handling a very broken file. Is there a specific reason this has been assigned a CVE?

FWIW, I do not know; I was only the messenger here (I noticed the CVE assignment while reviewing the feed update from MITRE referencing this bug for qpdf and the respective CVE assignment, CVE-2018-18020). I think this needs to be answered by the requestor. @Krace, did you request the CVE?

@Krace
Author

Krace commented Oct 8, 2018 via email

@jberkenbilt
Contributor

@Krace No problem, thanks for your diligence. I'll go ahead and close this issue. I'm glad to see that past fixes are working.

@Krace
Author

Krace commented Oct 9, 2018

Hello, I ran this on another machine, CentOS 7.0; it still hangs for about ten minutes.
Does the OS matter? thx

@Krace
Author

Krace commented Oct 9, 2018

On Ubuntu 14.04 i686, it also hangs for almost 3 mins rather than less than 1 min.

@Krace
Author

Krace commented Oct 9, 2018

I think the CPU cores and memory may have some influence.
But in the first comment, I used CentOS 6.5 with 16 cores and 32G memory, so what exactly is the problem? Some dependency too old?

@jberkenbilt jberkenbilt reopened this Oct 9, 2018
@jberkenbilt
Contributor

Okay, let's leave this open, and I can see if I can track down why it performs so badly. I'll leave it to others' judgment as to whether there should be a CVE for this. There are some things inherent to PDF that, in the absence of arbitrary caps, will cause any PDF interpreter to behave in certain ways. Clearly though qpdf is taking a longer time to reject this file than other viewers. I'm not sure whether it's because it's giving up more slowly or whether I've implemented something in an inefficient way. It's also possible that my arbitrary cap of 500 levels of nesting is much larger than it should be. It's hard to imagine any legitimate PDF file that would require more than maybe 10 or 15 levels. Maybe 100 would be a better cap that would make this more tolerable, or maybe there's just something dumb in the error handling code. I would agree that RAM and CPU should determine the performance, so I'm confused as to why my linux VM running on a mac laptop should outperform 16 cores and 32 GB of RAM. I don't think old dependencies would matter. Maybe CentOS compiles things with memory guards that have a higher overhead or something.

I'm not going to treat this as urgent unless there's a good case as to why I should, but I will get to it when I can.

@Krace
Author

Krace commented Oct 9, 2018 via email

@jberkenbilt
Contributor

I've been looking at this a bit, and I think it's just inherent slowness of the way I use STL combined with the pathological nature of this file. qpdf's performance is good but not superb...mostly I have focused on ease of maintainability and robustness over speed. I'm going to leave this open, but I don't think I'm going to try to work on a fix. There doesn't seem to be any specific bug here. This would have to be addressed in the context of an overall effort to improve qpdf's performance.

@jberkenbilt
Contributor

After recent fixes, this file no longer hangs for a long time. I recently added code to qpdf (not yet released, but it will be in version 9) that bails out if it encounters too many consecutive parsing errors. Thanks for the report.
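
The two defences jberkenbilt describes in this thread, a hard cap on nesting depth (the CVE-2018-9918 fix discussed earlier, with qpdf's cap of 500 at the time) and giving up after a run of consecutive parsing errors (the version 9 change mentioned in the comment above), are easy to get subtly wrong, so here is an added example of both in one place. It is not qpdf's code: the grammar is a deliberately tiny PDF-like subset (arrays, dictionaries, names, integers, true/false/null), MAX_NESTING and MAX_CONSECUTIVE_ERRORS are demo values rather than qpdf's, and the inputs are constructed. Only the warning text "ignoring excessively deeply nested data structure" is taken from the thread. The detail worth noticing is that the skip of a refused container is iterative, so the cap bounds not only the parser's recursion but also the serialiser's, which is where the backtrace in the original report sits.

```python
import re

MAX_NESTING = 10            # demo value; the thread says qpdf's cap was 500
MAX_CONSECUTIVE_ERRORS = 5  # demo value; the thread does not give qpdf's number
DEPTH_WARNING = "ignoring excessively deeply nested data structure"  # qpdf's wording
# Tiny PDF-like token set: << >> [ ] /Name, integers, keywords, and any stray byte.
TOKEN_RE = re.compile(r"<<|>>|\[|\]|/[A-Za-z0-9_.#-]*|-?\d+|[A-Za-z]+|\S")
KEYWORDS = {"true": True, "false": False, "null": None}

class TooManyErrors(Exception):
    """Error budget exhausted: the file is hopeless, so stop instead of grinding on."""

class BoundedParser:
    def __init__(self, text):
        self.tokens, self.pos = TOKEN_RE.findall(text), 0
        self.warnings, self.consecutive_errors = [], 0

    def _warn(self, message):
        self.warnings.append(message)
        self.consecutive_errors += 1   # reset to 0 on every successfully parsed token
        if self.consecutive_errors > MAX_CONSECUTIVE_ERRORS:
            raise TooManyErrors(f"giving up after {self.consecutive_errors} consecutive errors")

    def _next(self):
        tok = self.tokens[self.pos] if self.pos < len(self.tokens) else None
        self.pos += 1
        return tok

    def _skip_container(self):
        # Consume a container we refuse to build. Iterative on purpose: a recursive
        # skip would reintroduce exactly the unbounded recursion the cap prevents.
        depth = 1
        while depth > 0 and (tok := self._next()) is not None:
            depth += 1 if tok in ("[", "<<") else -1 if tok in ("]", ">>") else 0

    def parse(self, depth=0):
        return self._parse_token(self._next(), depth)

    def _parse_token(self, tok, depth):
        if tok is None:
            self._warn("unexpected end of input")
        elif tok in ("[", "<<"):
            if depth < MAX_NESTING:
                return self._parse_array(depth) if tok == "[" else self._parse_dict(depth)
            self._warn(DEPTH_WARNING)   # the cap: refuse to descend any further
            self._skip_container()
        else:
            return self._parse_atom(tok)
        return None

    def _parse_array(self, depth):
        items = []
        while (tok := self._next()) != "]":
            if tok is None:
                self._warn("unterminated array")
                return items
            items.append(self._parse_token(tok, depth + 1))
        self.consecutive_errors = 0
        return items

    def _parse_dict(self, depth):
        entries = {}
        while (key := self._next()) != ">>":
            if key is None:
                self._warn("unterminated dictionary")
                return entries
            if not key.startswith("/"):
                self._warn(f"dictionary key {key!r} is not a name")
                if key in ("[", "<<"):
                    self._skip_container()
                continue
            entries[key] = self.parse(depth + 1)
        self.consecutive_errors = 0
        return entries

    def _parse_atom(self, tok):
        if tok.startswith("/") or tok in KEYWORDS:
            value = KEYWORDS.get(tok, tok)
        elif re.fullmatch(r"-?\d+", tok):
            value = int(tok)
        else:
            self._warn(f"unexpected token {tok!r}")   # also catches a stray ] or >>
            return None
        self.consecutive_errors = 0
        return value

def parse_object(text):
    """Parse one object; never raises. Reports warnings and whether it bailed out."""
    parser = BoundedParser(text)
    try:
        obj, bailed = parser.parse(), False
    except TooManyErrors:
        obj, bailed = None, True
    return {"object": obj, "warnings": parser.warnings, "bailed": bailed}

def unparse(obj):
    """Serialise back to PDF syntax; recursion is bounded because parse() is."""
    if isinstance(obj, list):
        return "[ " + " ".join(map(unparse, obj)) + " ]"
    if isinstance(obj, dict):
        return "<< " + " ".join(f"{k} {unparse(v)}" for k, v in obj.items()) + " >>"
    if isinstance(obj, bool) or obj is None:
        return {True: "true", False: "false", None: "null"}[obj]
    return str(obj)
```

Feeding it a constructed input of 1000 nested arrays (`"[" * 1000 + "]" * 1000`) yields an object ten levels deep with a single warning, and `unparse` of that object terminates immediately; a constructed run of seven garbage tokens inside an array trips the error budget and `parse_object` reports `bailed`. Isolated damage (`[ 1 @ 2 @ 3 ]`) is still tolerated, which is the balance a repair-oriented tool like qpdf has to strike.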

@NicoleG25

Hi @jberkenbilt , could you please point out where the fix was made ? (what commit)
Thanks :) !

@jberkenbilt
Contributor

Hi @NicoleG25. How important is it to do that? It would be possible to find the commit, but it would require using bisect. I could do it, but it would take time and effort since I didn't specifically target this particular issue. The way it would work would be to use git bisect on the range of commits from the most recent release prior to this bug report up to the commit that was current on master at the time of my previous reply. At each step, run the command on the file and see if it hangs or finishes quickly. This would identify the commit that fixed it.

If you can explain why you want to know this, it would help me determine whether it's worth it for me to spend the time doing this. Alternatively, anyone can do this analysis with git bisect. At each step, you could rebuild with ./autogen.sh && configure --disable-shared && make -j$(nproc) build_qpdf, then run the test with ./qpdf/build/qpdf poc.pdf /tmp/out.pdf
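
For anyone taking up the bisect suggestion above, here is an added example of a `git bisect run` driver (not part of the qpdf project). It runs the build steps quoted in the comment, then runs qpdf on the PoC under a timeout and maps the outcome to the exit codes `git bisect run` understands: 0 for good (finished quickly), 1 for bad (still running at the timeout), 125 for a commit that cannot be tested because the build failed. The binary path `./qpdf/build/qpdf`, the 60-second hang threshold and the release-tag names in the usage comment are assumptions; check `git tag` for the actual 8.4.2 and 9.0.0 tag names. qpdf's own exit status is ignored on purpose: a damaged file is expected to be rejected with warnings either way, and the question here is only how long rejection takes.

```python
"""git bisect run driver for a hang; added example, not part of qpdf.

Assumed usage from a qpdf checkout, with the PoC saved as poc.pdf
(tag names are an assumption; check `git tag`):

    git bisect start release-qpdf-9.0.0 release-qpdf-8.4.2
    git bisect run python3 bisect_hang.py poc.pdf
"""
import subprocess
import sys

# Build steps as quoted in the thread; run via the shell because of $(nproc).
BUILD_STEPS = [
    "./autogen.sh",
    "./configure --disable-shared",
    "make -j$(nproc) build_qpdf",
]
QPDF_BINARY = "./qpdf/build/qpdf"   # assumption: in-tree build output path
HANG_TIMEOUT_S = 60                 # "under a minute" vs "about ten minutes"
BUILD_TIMEOUT_S = 1800
BISECT_EXIT = {"good": 0, "bad": 1, "skip": 125}   # git bisect run's contract

# Constructed self-check commands so the classifier can be exercised without qpdf.
SLOW_CMD = [sys.executable, "-c", "import time; time.sleep(5)"]
FAST_CMD = [sys.executable, "-c", "pass"]
FAILING_CMD = [sys.executable, "-c", "raise SystemExit(1)"]


def run_with_timeout(cmd, timeout_s):
    """Run cmd (an argv list, or a string for the shell) and report
    'ok', 'failed' (non-zero exit) or 'hung' (killed at the timeout)."""
    try:
        proc = subprocess.run(cmd, shell=isinstance(cmd, str), timeout=timeout_s,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        return "hung"   # subprocess.run has already killed the child
    return "ok" if proc.returncode == 0 else "failed"


def classify_commit(build_cmds, test_cmd, hang_timeout_s, build_timeout_s=BUILD_TIMEOUT_S):
    """'skip' if the commit does not build, 'bad' if the test command hangs,
    otherwise 'good'. A non-zero exit from the test command still counts as
    good: rejecting the damaged PoC is fine, taking ten minutes to do so is not."""
    for cmd in build_cmds:
        if run_with_timeout(cmd, build_timeout_s) != "ok":
            return "skip"
    return "bad" if run_with_timeout(test_cmd, hang_timeout_s) == "hung" else "good"


if __name__ == "__main__":
    poc = sys.argv[1] if len(sys.argv) > 1 else "poc.pdf"
    verdict = classify_commit(BUILD_STEPS, [QPDF_BINARY, poc, "/tmp/out.pdf"], HANG_TIMEOUT_S)
    print(f"bisect verdict: {verdict}", file=sys.stderr)
    sys.exit(BISECT_EXIT[verdict])
```

Pick the hang threshold well above the "good" runtime on the machine doing the bisect (this thread shows the same file taking under a minute on one box and several minutes on another), otherwise a slow but correct commit gets marked bad and the bisect converges on the wrong commit.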

@attritionorg

Since @NicoleG25 and I both frequently ask developers this, I will give my input. There are times where a vendor has implemented a library and made significant changes to it. Instead of just integrating a new version, they do one-off code patches based on your fixing commits. In other cases, a vendor may have integrated the library as-is, but won't upgrade it without verifying the need to do so. In those cases, a vendor may not upgrade just because there was a 'security fix', as the functionality that was found vulnerable wasn't implemented in their integration, or it was and there is no user code path to reach a vulnerable function. So the ability to independently evaluate a fix for multiple reasons leads me to ask for the fixing commit oftentimes.

For many projects, issues are closed out in the PR with the fixing commit, or even linking to the fixing PR that has the commit that was merged into master is all we need. That said, this project and several others 'enjoy' cases where an issue is fixed before it is fully evaluated by other code changes, and I know it is a pain in the ass to find the actual fixing commit. So I certainly appreciate the time involved and your consideration in doing so. For my company's purpose, it is very helpful to have it, but not mandatory. Thanks!

@jberkenbilt
Contributor

@attritionorg @NicoleG25 You'll notice that I almost always close issues with commits that fix them, and I think it's a good practice. In this particular case, I was fixing a series of issues, and when I got to this one, it was no longer an issue. I don't know which commit fixed it. Most likely it was similar to a different issue that was fixed by a nearby commit. Do a git log --oneline | grep '(fixes #

Also, I have been a Debian developer for a long time and was frequently in the business of backporting security patches, so I definitely get what you are saying and fully appreciate this.

Obviously you fully understand the issue and the situation, as do I. This project is mostly a hobby for me though, and since anyone can do the git bisect to figure this out, I'm not inclined to spend my time doing it. But please understand it's not because I don't appreciate the value. It's just because there are only so many hours in a day. :-)

Looking at the ChangeLog, from around June 13 until around June 22, 2019, I took time off work to do a full integration of qpdf with Google's OSS-Fuzz. There are very large changes including some ABI changes, hence the next release being 9.0.0. During that week, I went through and fixed many issues found by fuzzers, and I also did a bit of cleanup on integer type conversions. After fixing those issues, I rechecked other open issues of similar nature and was pleased to find that most were fixed. In this particular instance, I can say the fix was most likely one of the commits I did during that period, and I can also say that it would be difficult to backport the changes in isolation.

Hopefully this helps.

@NicoleG25

NicoleG25 commented Apr 8, 2020

Hi @jberkenbilt , thank you for your input and reply.
As stated previously by @attritionorg, it is helpful to have in order to help our customers identify whether or not they are still using a version that might be vulnerable. In addition, we advise them to upgrade to the fixed version if one exists.
This is why it would be beneficial for us to know where & when it was fixed.
If you could point out the vulnerable file for us, we would take care of the rest :)

Thanks in advance !

@jberkenbilt
Contributor

@NicoleG25 The vulnerable file is linked in the issue at the top in the original report. Let me know if you run into trouble, and I'll jump in and help out.

@NicoleG25

Hi @jberkenbilt !
After some reviewing I've encountered the following commits and was wondering if you could confirm which one fixes the issue :)

  1. b07ad67#diff-ebd1e6eca7d2c72d8f0fb006a5b9e204
  2. eb79488#diff-ebd1e6eca7d2c72d8f0fb006a5b9e204

Thanks in advance !

@jberkenbilt
Contributor

The commit that fixed this was cf469d7.
I found it using git bisect, bisecting between the 8.4.2 and 9.0.0 release tags.

@jberkenbilt
Contributor

@NicoleG25 forgot to tag you -- see previous comment. It's cf469d7

@attritionorg

Thanks @NicoleG25 for digging up that commit, and @jberkenbilt for the discussion and confirmation!

@NicoleG25

@NicoleG25 forgot to tag you -- see previous comment. It's cf469d7

Thank you @jberkenbilt for the confirmation ! :)
Have a good day !
