From ae4f1ae3e757a31dde9f65eb36b74865f09c40f7 Mon Sep 17 00:00:00 2001
From: Jonas Jenwald
Date: Wed, 24 Nov 2021 18:55:28 +0100
Subject: [PATCH] Ensure that `ChunkedStream` won't attempt to request data *beyond* the document size (issue 14303)
This bug was surprisingly difficult to track down, since it didn't just depend on range-requests being used but also on how quickly the document was loaded. To even be able to reproduce this locally, I had to use a very small `rangeChunkSize`-value (note the unit-test). The cause of this bug is a bogus entry in the XRef-table, causing us to attempt to request data from *beyond* the actual document size and thus getting into an infinite loop. Fixes *one* of the issues listed in issue 14303, namely the `PDFBOX-4352-0.pdf` document.
---
 src/core/chunked_stream.js | 14 +++++++++++---
 test/pdfs/.gitignore | 3 ++-
 test/pdfs/PDFBOX-4352-0.pdf | Bin 0 -> 1481 bytes
 test/unit/api_spec.js | 15 +++++++++++++++
 4 files changed, 28 insertions(+), 4 deletions(-)
 create mode 100644 test/pdfs/PDFBOX-4352-0.pdf
diff --git a/src/core/chunked_stream.js b/src/core/chunked_stream.js
index 688267072..426b7abb6 100644
--- a/src/core/chunked_stream.js
+++ b/src/core/chunked_stream.js
@@ -107,6 +107,9 @@ class ChunkedStream extends Stream {
 }
 const chunk = Math.floor(pos / this.chunkSize);
+ if (chunk > this.numChunks) {
+ return;
+ }
 if (chunk === this.lastSuccessfulEnsureByteChunk) {
 return;
 }
@@ -125,9 +128,14 @@ class ChunkedStream extends Stream {
 return;
 }
- const chunkSize = this.chunkSize;
- const beginChunk = Math.floor(begin / chunkSize);
- const endChunk = Math.floor((end - 1) / chunkSize) + 1;
+ const beginChunk = Math.floor(begin / this.chunkSize);
+ if (beginChunk > this.numChunks) {
+ return;
+ }
+ const endChunk = Math.min(
+ Math.floor((end - 1) / this.chunkSize) + 1,
+ this.numChunks
+ );
 for (let chunk = beginChunk; chunk < endChunk; ++chunk) {
 if (!this._loadedChunks.has(chunk)) {
 throw new MissingDataException(begin, end);
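Review bot: The new guard `if (chunk > this.numChunks)` in the first hunk still lets `chunk === this.numChunks` through, and if `numChunks` is a count of chunks (its definition is outside the hunk) that index is already one past the last valid chunk. The second hunk tolerates the equal case only because `Math.min(..., this.numChunks)` leaves the loop empty; the first hunk has no such clamp, so a position in the chunk directly after the document's end would presumably still reach the missing-data handling below the hunk. Since the offsets come from an XRef table in an untrusted document, the boundary should be exact: consider `if (chunk >= this.numChunks) {` here and `if (beginChunk >= this.numChunks) {` in the second hunk. Both enclosing methods begin and end outside the hunks, so this should be confirmed against the code that follows.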
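Review bot: Neither the early return on `beginChunk` nor the `Math.min` clamp on `endChunk` in the second hunk says why an out-of-range request is dropped silently rather than reported. The reason is only in the commit message (a bogus XRef entry pointing beyond the document size, which led to an infinite loop), and a later reader of the file will not see it. A comment above the `beginChunk` check would keep that context, for example `// A corrupt XRef entry can point past the end of the document; never request chunks that don't exist.` The same one-line comment would fit the guard in the first hunk.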
diff --git a/test/pdfs/.gitignore b/test/pdfs/.gitignore index a957af612..1b7bd6cee 100644 --- a/test/pdfs/.gitignore +++ b/test/pdfs/.gitignore @@ -486,4 +486,5 @@ !pr12828.pdf !secHandler.pdf !rc_annotation.pdf -!issue14267.pdf \ No newline at end of file +!issue14267.pdf +!PDFBOX-4352-0.pdf diff --git a/test/pdfs/PDFBOX-4352-0.pdf b/test/pdfs/PDFBOX-4352-0.pdf new file mode 100644 index 0000000000000000000000000000000000000000..12b1ef1474ec56c8de8564d4a299c9a7693a9009 GIT binary patch literal 1481 zcmZux%WEV>7+3IOA0!}nlscGW?0P?72qc*qPtR8?h@b~S5WK1f?|RpR|9~K@_*KtzW>9OI>FV$O`+Z;4?#Xz%M_yOi?)QH_{W~KF zquRZjjYcS+Ty?Q(%erb&`aBpPPWsKEZR2Tdk_P4Ax@CDQK8y>b(f)pV@)LU=TSOt| z4CQyOFCxm1Y-bnsIjFN(g_J6(hm=S4Wz`{q^0&&+qWg&Tu5S;{t9TpNq~5qzP;S>E zzDjpHhSDC^R}clmk7A4jMiA=6HefeYHH&S1*?1^3VVu^W={E$4KF%7+s`!+DtMZg- zNPjC<=iLJ&IRq&eU2NdJuw5KSUx(hQ?V4zp*;n_Tz4P1iJ5N5_d+*~<{m3;kDkRE}(MWl117U#^?u8eGQ%R$fMhhM=CzM6XIAPk6 zAdR<1Q|Fn%jN_oR73sl5dPxO$o>T6#3d#v1FX;lfxfwG&p^Li&O_3aTgt^=VMi9yIPGHcOa;0!z%9u-bY_sPsgt;6vn5 zIU=Dpu%977IPaFz^dEo{cr}}kyJ$p>EC^xB8DbToLGs9$H&T1zB3A;dpp*|*N-Vv? z!b$_s6jem9AfQlU0tM0%fy@VnwK4*%Fex+@(LfP*0Xy|Zd9YH21--^tSpw8ruZV~A z%sPNVc%eLYSQa=&EL|iCO^75$2y+UPzG-#p?P{8`H8h>Nooy`A_h4~w**%y%Ovfo7 z*Z%k-Rv8S)ZMZBZ^HY`$1HtH)|5X!<3?q}_n}wthOrQeY$OuezTBzz}YFJ4|7#!%d z*2=Uc+N@-F<&b2Iz}%*_Wyj$T__s{(weQ9bIQ)+t!3qxi5U*=&xqwriE{j=Rr%S89 z<>uw1hz!c#7^C~6!iT^LTsW8