Activity for PoDoFo

  • Utente Ausiliario Utente Ausiliario posted a comment on ticket #140

    I recognized this isn't the place for this issue and been trying to remove the ticked but can't find the way to remove it. Anyway, I did resolve the build problem.

  • Utente Ausiliario Utente Ausiliario created ticket #140

    error using podofo.a libraruy

  • coralrong coralrong posted a comment on ticket #139

    I Fond this is similar to CVE-2021-30469, But my podofo version is 0.9.8(which was published in 2022). So I think this is a new bug.

  • coralrong coralrong created ticket #139

    podofoencrypt bug

  • Rizwan Mohammed Rizwan Mohammed posted a comment on ticket #138

    Attachment2

  • Rizwan Mohammed Rizwan Mohammed created ticket #138

    Cannot retrieve JS node with GetJavaScriptNode(true)

  • Mattia Rizzolo Mattia Rizzolo posted a comment on ticket #48

    For cross-reference, this has been assigned CVE-2020-18971

  • Dominik Seichter Dominik Seichter committed [r2063]

    test commit

  • PoDoFo PoDoFo released /podofo/0.9.8/podofo-0.9.8.tar.gz

  • Dominik Seichter Dominik Seichter committed [r2062]

    Release branching

  • Dominik Seichter Dominik Seichter committed [r2061]

    Tagging release 0.9.8

  • Dominik Seichter Dominik Seichter committed [r2060]

    Version bump to 0.9.8

  • zyx zyx committed [r2059]

    podofosign: Default to SHA512 and add argument to change the digest

  • zyx zyx committed [r2058]

    Patch by Wolfgang Stoeggl: Fix -Wmemset-elt-size warnings

  • zyx zyx committed [r2057]

    Patch by Wolfgang Stoeggl: Add missing guards to header files

  • zyx zyx committed [r2056]

    Patch by Wolfgang Stoeggl: Silence unknown pragma warnings under MINGW

  • zyx zyx committed [r2055]

    Patch by Mark Rogers: Check that /DecodeParams values are in range (CVE-2018-20797)

  • zyx zyx committed [r2054]

    Patch by F.E.: Ignore "/Prev 0" in trailer

  • zyx zyx committed [r2053]

    Add FontTest::testBig2Little() unit test

  • zyx zyx committed [r2052]

    Revert the previous commit (r2051) - it causes stack overflow

  • zyx zyx committed [r2051]

    Patch by Michal Sudolsky: Fix undefined behavior in PdfFontTTFSubset.cpp:Big2Little

  • zyx zyx committed [r2050]

    Patch by Andreas Brzesowsky: Add support for revision 6 encryption (PDF1.7 extension 8, PDF 2.0)

  • zyx zyx committed [r2049]

    Patch by Mark Rogers: Add tests for stack overflow infinite recursion for CVE-2018-8002, CVE-2021-30470, CVE-2021-30471, CVE-2020-18971

  • zyx zyx committed [r2048]

    Patch by Mark Rogers: Refactored stack overflow recursion guard to fix CVE-2018-8002, CVE-2021-30470, CVE-2021-30471, CVE-2020-18971

  • Alexander Finger Alexander Finger posted a comment on ticket #137

    It's been resolved. Don't know how to close the ticket!

  • Alexander Finger Alexander Finger posted a comment on ticket #137

    @domseichter Any idea how to call PdfEncodingFactory::FreeGlobalEncodingInstances() method and not trow an exception? No matter where i put this i get an exception.

  • Alexander Finger Alexander Finger modified a comment on ticket #137

    A workaround the memory leak is to change: inline bool PdfSimpleEncoding::IsAutoDelete() const { return true; // false; } But that does not look like a fix. The remaining leaks must be addressed. Can any dev comment on this? How void PdfEncodingFactory::FreeGlobalEncodingInstances() should be called? @mabri @domseichter I will try to run the litePDF and see what leaks i can find there, but it seems no podofo sources available for that windows version. But i have some tools that can be usefull to...

  • Alexander Finger Alexander Finger posted a comment on ticket #137

    A workaround the memory leak is to change: inline bool PdfSimpleEncoding::IsAutoDelete() const { return true; // false; } But that does not look a fix. The remaining leaks must be addressed. Can any dev comment on this? How void PdfEncodingFactory::FreeGlobalEncodingInstances() should be called? @mabri @domseichter I will try to run the litePDF and see what leaks i can find there, but it seems no podofo sources available for that windows version. But i have some tools that can be usefull to detect...

  • Alexander Finger Alexander Finger modified a comment on ticket #137

    Sample code to reproduce the memory leak. Please, ignore the openssl leaks. https://gist.github.com/avafinger/d2e2007d3ed87c452fa0c0b184dd11fa Build with: g++ sign.cpp -o sign -I/usr/include/openssl -lssl -lpodofo -lcrypto Run: ./sign pdf_to_sign.pdf certificate.pfx privatekey_password ==9319== ==9319== 40 bytes in 1 blocks are still reachable in loss record 1 of 6 ==9319== at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9319== by 0x27221B: PoDoFo::PdfSimpleEncoding::PdfSimpleEncoding(PoDoFo::PdfName...

  • Alexander Finger Alexander Finger modified a comment on ticket #137

    Did some cleanup for a better example... ==12668== Memcheck, a memory error detector ==12668== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==12668== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==12668== Command: ./sign pdf_to_sign.pdf certificate.pfx @pwd@ ==12668== init ok p7Buf filled==12668== ==12668== HEAP SUMMARY: ==12668== in use at exit: 65,904 bytes in 5 blocks ==12668== total heap usage: 4,668 allocs, 4,663 frees, 801,911 bytes allocated ==12668==...

  • Alexander Finger Alexander Finger posted a comment on ticket #137

    Did some cleanup for a better example... ==12668== Memcheck, a memory error detector ==12668== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al. ==12668== Using Valgrind-3.13.0 and LibVEX; rerun with -h for copyright info ==12668== Command: ./sign pdf_to_sign.pdf certificate.pfx @digital32@ ==12668== init ok p7Buf filled==12668== ==12668== HEAP SUMMARY: ==12668== in use at exit: 65,904 bytes in 5 blocks ==12668== total heap usage: 4,668 allocs, 4,663 frees, 801,911 bytes allocated ==12668==...

  • Alexander Finger Alexander Finger modified a comment on ticket #137

    Sample code to reproduce the memory leak. Please, ignore the openssl leaks. https://gist.github.com/avafinger/d2e2007d3ed87c452fa0c0b184dd11fa Build with: g++ sign.cpp -o sign -I/usr/include/openssl -lssl -lpodofo -lcrypto Run: ./sign pdf_to_sign.pdf certificate.pfx privatekey.pkey ==9319== ==9319== 40 bytes in 1 blocks are still reachable in loss record 1 of 6 ==9319== at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==9319== by 0x27221B: PoDoFo::PdfSimpleEncoding::PdfSimpleEncoding(PoDoFo::PdfName...

  • Alexander Finger Alexander Finger posted a comment on ticket #137

    Sample code to reproduce the memory leak. Please, ignore the openssl leaks. https://gist.github.com/avafinger/d2e2007d3ed87c452fa0c0b184dd11fa Build with: g++ sign.cpp -o sign -I/usr/include/openssl -lssl -lpodofo -lcrypto Run: ./sign pdf_to_sign.pdf certificate.pfx privatekey.pkey ==8335== 65,536 bytes in 1 blocks are still reachable in loss record 74 of 74 ==8335== at 0x4C33B25: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==8335== by 0x27AC53: PoDoFo::podofo_calloc(unsigned...

  • Alexander Finger Alexander Finger posted a comment on ticket #137

    There is another leak in: const PdfEncoding* PdfEncodingFactory::GlobalWinAnsiEncodingInstance() { if(!s_pWinAnsiEncoding) // First check { Util::PdfMutexWrapper wrapper( PdfEncodingFactory::s_mutex ); if(!s_pWinAnsiEncoding) // Double check s_pWinAnsiEncoding = new PdfWinAnsiEncoding(); } return s_pWinAnsiEncoding; } Report ==3513== 144 bytes in 1 blocks are still reachable in loss record 3 of 5 ==3513== at 0x4C3217F: operator new(unsigned long) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)...

  • Alexander Finger Alexander Finger created ticket #137

    PoDoFo Memory Leaks

  • zyx zyx committed [r2047]

    Patch by Michal Sudolsky: Fix an undefined behavior in Big2Little()

  • Michal Michal posted a comment on ticket #136

    patch

  • Michal Michal created ticket #136

    UB in Big2Little

  • zyx zyx committed [r2046]

    Patch by Federico Kircheis: Let the PdfSignOutputDevice::AdjustByteRange() return the resulting array

  • Christopher Creutzig Christopher Creutzig posted a comment on ticket #25

    As proposed, moved PdfRecursionGuard to broader visibility (we could argue about the right header for it, but that can be changed) and used it in PdfOutlineItem. This also fixes #48 (where I started, hence the patch's file name).

  • Christopher Creutzig Christopher Creutzig posted a comment on ticket #48

    The problem with this file is a recursive outline structure, leading to infinite recursion in the PdfOutlineItem constructor: Following the /Next chain from 16 0 obj gets us to 19 0 R, 21 0 R, 20 0 R, back to 16 0 R. That is probably invalid (the pdf spec does not seem to explicitly say so, but it implies the chain of /Next should terminate), but the PdfOutlineItem constructor for 20 0 R doesn't know that alleged next entry already came earlier. Issue #25 is the same problem with /First entries a...

  • Christopher Creutzig Christopher Creutzig created ticket #135

    Default glyph widths should be scaled, too

  • Igor Mironchik Igor Mironchik created ticket #134

    DPI in PdfImage

  • zyx zyx modified ticket #133

    Invalid font spec found, causing PoDoFo error

  • zyx zyx posted a comment on ticket #133

    Okay, that's pity. I'll commit this anyway, we'll see whether it'll break anything to anyone (I guess it will not). I think PoDoFo could generate files with missing Widths key, but I do not recall any detail, maybe I just mixed things up. In any case, it's committed as [r2045].

  • zyx zyx committed [r2045]

    Patch by Christopher Creutzig: PdfFontFactory: Ignore FontDescriptor when without Widths/FirstChar/LastChar

  • zyx zyx modified ticket #107

    Fonts with difference encoding can have ToUnicode, as well

  • zyx zyx posted a comment on ticket #107

    Thanks for the file. I checked the PDF ISO and according to the "9.10.2 Mapping Character Codes to Unicode Values" the toUnicode has a precedence over the differences. Your patch does both, but I think in a good way. I committed your patch (slightly modified) as [r2044].

  • zyx zyx committed [r2044]

    Patch by Christopher Creutzig: Prefer toUnicode within PdfDifferenceEncoding

  • Christopher Creutzig Christopher Creutzig posted a comment on ticket #107

    The attached file should extract text like “Wear proper.” Without the patch, I am getting random-looking character substitutions, text like “Wlaeba cr lpot.” GetUnicodeValue should be able to handle requests for glyhs not in m_toUnicode, which includes it being empty. When there are both differences and toUnicode, I expect toUnicode to take precedence, yes.

  • Christopher Creutzig Christopher Creutzig posted a comment on ticket #133

    Unfortunately, I do not have access to this publicly visible file any more, either. The file we have locally with the same problem is not something we can share publicly.

  • zyx zyx modified ticket #105

    PdfSimpleEncoding::ConvertToUnicode must be able to return embedded NUL

  • zyx zyx posted a comment on ticket #105

    Thanks for a quick response, I can reproduce it with it too. The patch doesn't apply, but I see where it is supposed to go (the diff -up helps with that too - there are some articles how to do it with svn), thus I applied it manually (attached patches are better, as you might notice from my comments on various other tickets, though I'm not sure why copy&paste did not work this time), and it works as expected, thus I committed it as [r2043]. Thanks again.

  • zyx zyx committed [r2043]

    Patch by Christopher Creutzig: Make it possible to return embedded NUL from PdfEncoding

  • zyx zyx committed [r2042]

    Patch by Chris: podofoimpose: Properly copy 'number' and 'null' objects

  • zyx zyx committed [r2041]

    Patch by Christopher Creutzig: PdfXRefStreamParserObject: Correct 'indeces' typos

  • zyx zyx modified ticket #96

    Allow querying the type of password used

  • zyx zyx posted a comment on ticket #96

    Thanks for the patch. Attach them the next time, please. Otherwise I think it looks good, thus I committed it as [r2040] with a tiny change, I replaced was with is in the comment summary.

  • zyx zyx committed [r2040]

    Patch by Christopher Creutzig: Introduce PdfEncrypt::IsOwnerPasswordSet()

  • zyx zyx modified ticket #77

    Bug when drawing text using truetype font with difference encoding loaded from pdf

  • zyx zyx posted a comment on ticket #77

    Thanks for the patch. I committed it as [r2039].

  • zyx zyx committed [r2039]

    Patch by Michal Sudolsky: Fix bug when drawing text using truetype font with difference encoding loaded from pdf

  • zyx zyx modified ticket #76

    String width is incorrect when using font loaded from pdf

  • zyx zyx posted a comment on ticket #76

    This had been committed recently as [r2035], thus I'm closing it. See the thread referenced in the previous message.

  • zyx zyx modified ticket #49

    memory leakage at src/base/PdfTokenizer.cpp:334 in IsNextToken(const char*)

  • zyx zyx posted a comment on ticket #49

    Could you provide a test for this, please? I do not see the memory leak, neither your change makes any sense to me, because: a) it's an unrelated code to the Tokenizer; b) each Load() calls this->Clear() first and the PdfParser destructor calls the this->Clear() as well, thus the problem you fixed (and committed) has been probably just hiding another issue. I can be wrong, which is the reason why I ask for the test case. Considering how old this ticket is and the fact the code is changed, I'm closing...

  • zyx zyx modified ticket #46

    excessive memory allocation crash at src/doc/PdfPagesTreeCache.cpp:45 when nInitialSize=0xffffffff

  • zyx zyx posted a comment on ticket #46

    Thanks for the patch. I committed it as [r2038], though a bit better would be to limit the size and preallocate only the limited number, than nothing, but I used your version as is.

  • zyx zyx committed [r2038]

    Patch by Christopher Creutzig: CVE-2019-10723 - Excessive memory allocation crash at PdfPagesTreeCache

  • zyx zyx modified ticket #23

    CVE-2018-12983 - stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey()

  • zyx zyx posted a comment on ticket #23

    I gave a try to this patch and it does fix the problem. I did not notice any regression, thus I committed it as r2037. Thank you.

  • zyx zyx committed [r2037]

    Fix by Matthew Brincke: CVE-2018-12983 - stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey()

  • zyx zyx committed [r2036]

    EncryptTest: Fallback to Helvetica font, when Arial cannot be loaded

  • zyx zyx modified ticket #75

    podofo 0.9.6 NULL pointer dereference caused in `ImageExtractor::ExtractImage(PdfObject*, bool)`

  • zyx zyx posted a comment on ticket #75

    Thanks fro the patch. It has got obsolete meanwhile, the current r2035 doesn't dereference the NULL pointer, it ends with an error: <</Type/XRef/Filter/FlateDecode/ID[<334A7E79C9FCCBC7E87D7C325FA995C4><334A7E79C9FCCBC7E87D7C325FA995C4>]/Index[ 0 256]/Info 2 0 R/Length 451/Root 1 0 R/Size 256/W[ 1 2 1]>> Error: An error 2 ocurred during processing the pdf file. PoDoFo encountered an error. Error: 2 ePdfError_InvalidHandle Error Description: A NULL handle was passed, but initialized data was expected....

  • Christopher Creutzig Christopher Creutzig posted a comment on ticket #105

    Attached my local copy of the file. The NUL characters stem from the decoding table of the font.

  • zyx zyx posted a comment on ticket #105

    Thanks for the patch. The PDF file is gone, unfortunately, thus I cannot test it. As I mentioned elsewhere, attaching patches it better. The change itself looks odd, because the snippet you pasted above does not contain a zero - maybe only because it's taken out of the context? Aka the text encoding changes the values?

  • zyx zyx posted a comment on ticket #107

    I'm sorry, but I hate to open random sites whit their cookies consents and whatever. Would it be possible to attach such file and claim what precisely is your patch fixing, please? Like: without it, PoDoFo cannot.... , but with it PoDoFo can..... PdfObject* pToUnicode = nullptr); Use NULL instead, please, the same as the other code in the PoDoFo. if( m_differences.Contains( static_cast<int>(pszInput[i]), name, value ) ) pszUtf16[i] = value; if(m_bToUnicodeIsLoaded) { value = GetUnicodeValue(pszInput[i]);...

  • zyx zyx posted a comment on ticket #133

    Thanks for the patch, just, the next time attach it. It avoids issues with whitespace and other things the web browser may break. Being it attached it is also significantly easier, and fool proof, when applying it. Unfortunately, I cannot test this because >this file< link above results in "Bad Request". It's safer to attach things to the bug trackers.

  • zyx zyx committed [r2035]

    Patch by Michal Sudolsky: Correct string width when using font loaded from pdf

  • zyx zyx committed [r2034]

    Patch by Christopher Creutzig: Correct typos in code comments

  • Christopher Creutzig Christopher Creutzig posted a comment on ticket #46

    Given the offending instruction is just preallocating memory for performance, I believe this should be easy to fix, using an arbitrary limit for preallocation: Index: src/podofo/doc/PdfPagesTreeCache.cpp =================================================================== --- src/podofo/doc/PdfPagesTreeCache.cpp (revision 2033) +++ src/podofo/doc/PdfPagesTreeCache.cpp (working copy) @@ -42,7 +42,9 @@ PdfPagesTreeCache::PdfPagesTreeCache( int nInitialSize ) { - m_deqPageObjs.resize( nInitialSize );...

  • Matthew Brincke Matthew Brincke posted a comment on ticket #119

    The PoC as output file of my program posted as source code in the previous comment is attached here.

  • Matthew Brincke Matthew Brincke modified a comment on ticket #119

    I've removed the attachment to my previous because it was erroneous, I'm sorry. Attached to this post is a corrected and tested version (for creation of a PoC of this issue which I've checked to display correctly with different non-PoDoFo programs). The output PDF will be attached to my next post here. I haven't yet reproduced this issue with it, I don't have the right environment handy right now and need to go on a journey to my new workplace very soon. It might only work on unix-like OSes because...

  • Matthew Brincke Matthew Brincke posted a comment on ticket #119

    I've removed the attachment to my previous because it was erroneous, I'm sorry. Attached to this post is a corrected and tested version (for creation of a PoC of this issue which I've checked to display correctly with different non-PoDoFo programs). The output PDF will be attached to my next post here. I haven't yet reproduced this issue with it, I don't have the right environment handy right now and need to go on a journey to my new workplace very soon.

  • Matthew Brincke Matthew Brincke modified a comment on ticket #119

    I'm sorry I only implemented the latter program to produce a PoC PDF with the one-bit-per-pixel PNG as input (for the latter see above, was below when composing this, earlier replies) today and couldn't test it yet, I need to go to bed now as I'll have an important appointment tomorrow early in the morning. The C++ source code of the program is attached here. It takes the PNG file as input on standard input. If you use Windows, please insert a call switching that to binary mode into the source before...

  • Matthew Brincke Matthew Brincke modified a comment on ticket #119

    I'm sorry I only implemented the latter program to produce a PoC PDF with the one-bit-per-pixel PNG as input (for the latter see above, was below when composing this, earlier replies) today and couldn't test it yet, I need to go to bed now as I'll have an important appointment tomorrow early in the morning. The C++ source code of the program is attached here.

  • Matthew Brincke Matthew Brincke posted a comment on ticket #119

    I'm sorry I only implemented the latter program to produce a PoC PDF with the one-bit-per-pixel PNG as input (for the latter see below earlier replies) today and couldn't test it yet, I need to go to bed now as I'll have an important appointment tomorrow early in the morning. The C++ source code of the program is attached here.

  • Matthew Brincke Matthew Brincke posted a comment on ticket #119

    The output PNG file of the program creating a one-bit-per-pixel Paeth-filtered PNG image is attached (it's a QR code of 21x21 pixels).

  • Matthew Brincke Matthew Brincke posted a comment on ticket #119

    I'm sorry I didn't attach the program earlier, it's from April 8, 2021. The output file of can only be attached to the next reply.

  • Mattia Rizzolo Mattia Rizzolo posted a comment on ticket #132

    This is CVE-2021-30472

  • Mattia Rizzolo Mattia Rizzolo posted a comment on ticket #131

    This is CVE-2021-30471

  • Mattia Rizzolo Mattia Rizzolo posted a comment on ticket #130

    This is CVE-2021-30470

  • Mattia Rizzolo Mattia Rizzolo posted a comment on ticket #129

    For cross-reference, to this issue has been assigned CVE-2021-30469

  • Ivan Romanov Ivan Romanov posted a comment on ticket #102

    Also you can use podofobrowser to see what exactly add your tool. In this case you will PDF file as a tree of nodes. But in this case you need to read PDF Reference to understand what you see.

  • Ivan Romanov Ivan Romanov posted a comment on ticket #102

    I don't add watermarks. I only remove them. I use this tool to remove watermark from old Shimano bike components manuals. I don't know how they create such pdfs. Anyway I believe there are numbers of various ways to add watermarks. In worst case they won't be distinguish from regular text or images.

  • Ricky Wei Ricky Wei posted a comment on ticket #102

    Hi, thank you for provide such good things. By the way, I want to know how do you add watermark for the pdf? (I draw text as watermark but it can not be removed by this tool). Thanks.

  • Ricky Wei Ricky Wei posted a comment on ticket #102

    Hi, thank you for provide such good things. By the way, I want to know how do you add watermark for the pdf? (I draw text as watermark but it can not be removed by this tool). Thanks.

  • Christopher Creutzig Christopher Creutzig created ticket #133

    Invalid font spec found, causing PoDoFo error

  • Matthew Brincke Matthew Brincke posted a comment on ticket #119

    I've started with the implementation of a program to create a one-bit-per-pixel PNG with PNG_FILTER_VALUE_PAETH (only) and one to put that into a PDF w/o re-compression to remedy that there (still) isn't a proper PoC provided.

1 >