
#41 infinite loop at pdftranslator.cpp:109-119 in the do-while block

SVN TRUNK
pending
None
2019-05-09
2019-03-31
Tao
No

Hi, there is an infinite loop bug in the "do while" at tools/podofoimpose/pdftranslator.cpp:109-119.
The attached poc can make the getline function return false while !in.eof() stays true. The getline function returns false because the stream's badbit error flag is set (the stream's error state flags are eofbit, failbit and badbit).
I have tested this poc on different computers with v0.9.6 and the latest commit; they all cause an infinite loop.

    do
    {
        in.getline ( filenameBuffer, 1000 );
        std::string ts ( filenameBuffer, in.gcount() );
        if ( ts.size() > 4 ) // at least ".pdf" because just test if ts is empty doesn't work.
        {
            multiSource.push_back ( ts );
            std::cerr << "Appending "<< ts <<" to source" << endl;
        }
    }
    while ( !in.eof() );
1 Attachment
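To make the reported behaviour reproducible without the attached poc, here is an added stand-alone example (not code from PoDoFo or from the reporter). It feeds the loop shape quoted above an in-memory string stream containing one over-long line (a constructed stand-in for the poc file), caps the iterations so the demonstration terminates, and then reads the same input with a hardened loop. The hardened variant is my own suggestion and is not the fix committed in svn r1982, which is not shown on this page; the function names and the sample input are assumptions.

```cpp
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Constructed input standing in for the podofoimpose source list: line two is
// 1319 bytes, longer than the 1000-byte buffer the reported loop reads into.
static std::string makeSampleInput() {
    std::string s = "first.pdf\n";
    s += std::string(1315, 'x') + ".pdf\n";  // over-long line, as in the report
    s += "last.pdf\n";
    return s;
}

// The loop shape from the report, with an iteration cap added so the
// demonstration terminates. Returns how many iterations ran; reaching the cap
// means the original, uncapped loop would spin forever on this input.
static std::size_t originalLoopIterations(std::istream& in, std::size_t cap) {
    char filenameBuffer[1000];
    std::vector<std::string> multiSource;
    std::size_t iterations = 0;
    do {
        // Once getline stops at the 999-character limit without seeing '\n' it
        // sets failbit, not eofbit; every later call extracts nothing, so
        // gcount() is 0, ts is empty and in.eof() never becomes true.
        in.getline(filenameBuffer, 1000);
        std::string ts(filenameBuffer, in.gcount());
        if (ts.size() > 4)
            multiSource.push_back(ts);
        ++iterations;
    } while (!in.eof() && iterations < cap);
    return iterations;
}

// Hardened reader (my own suggestion, not the r1982 fix): std::getline into a
// std::string has no fixed-size buffer to run into, and the loop condition
// tests the whole stream state, so a stream that fails for any reason ends the
// loop instead of looping forever on a stuck error flag.
static std::vector<std::string> readSourcesHardened(std::istream& in) {
    std::vector<std::string> multiSource;
    std::string ts;
    while (std::getline(in, ts)) {
        if (ts.size() > 4)  // at least ".pdf", same filter as the original
            multiSource.push_back(ts);
    }
    return multiSource;
}

int main() {
    std::istringstream bad(makeSampleInput());
    std::cout << "original loop, iterations before cap of 20: "
              << originalLoopIterations(bad, 20) << '\n';

    std::istringstream ok(makeSampleInput());
    std::vector<std::string> sources = readSourcesHardened(ok);
    std::cout << "hardened loop read " << sources.size() << " entries\n";
    for (const std::string& s : sources)
        std::cout << "  " << s.size() << " bytes\n";
    return 0;
}
```

On well-formed input both loops behave the same; the difference only shows once a line exceeds the buffer. If a maximum path length is wanted in the hardened version, reject or truncate the over-long string after std::getline returns rather than relying on a fixed-size buffer and the stream's eof flag.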

Discussion

  • Tao

    Tao - 2019-03-31

    The reason why getline returns badbit is that there is one line (line 183) in the poc which has 1315 words, more than the readline limit of 1000.


    Last edit: Tao 2019-03-31
  • Tao

    Tao - 2019-04-03

    Execution command: ./podofoimpose poc output native

  • Matthew Brincke

    Matthew Brincke - 2019-05-08
    • summary: infinite loop at pdftraslator.cpp:109-119 do while --> infinite loop at pdftranslator.cpp:109-119 in the do-while block
    • status: open --> pending
    • assigned_to: Matthew Brincke
  • Matthew Brincke

    Matthew Brincke - 2019-05-08

    Setting to "pending" to await corroboration of the correctness of my change to fix this (in svn r1982). I have tested it (OK, no new warnings) with GCC 4.8 and clang 3.8 in a Debian 8 derivative, and further with GCC 7.3 and clang 7.0 in Ubuntu Linux "bionic" (18.04 LTS).

    • Tao

      Tao - 2019-05-09

      Hi, thanks for your reply. Can this bug apply for a CVE?

      • Matthew Brincke

        Matthew Brincke - 2019-05-09

        I'm no expert on such matters, but IMHO it could be a "Denial of Service" vulnerability. AFAIK no project member is required for reporting this to MITRE via their CVE reporting web form, i.e. you could also do it.
