Issue 1614 in pdfium: CallocOrDie crash my application


papa2… via monorail

Nov 9, 2020, 5:54:23 PM
to pdfiu...@googlegroups.com
Status: Unconfirmed
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 1614 by papa2...@gmail.com: CallocOrDie crash my application
https://bugs.chromium.org/p/pdfium/issues/detail?id=1614

What steps will reproduce the problem?
1. Load a PDF that requires a lot of memory
2. CPDF_Page::ParseContent() & PrepareContent() call CallocOrDie()
3. FX_OutOfMemoryTerminate() calls abort();

This is for a 32-bit version of a DLL that I build for a Delphi application.
The 64-bit version does not have this problem but takes a lot of memory, too much for a 32-bit version.

What is the expected output? What do you see instead?

-> I'd like to catch this situation and display a memory allocation error.

What version of the product are you using? On what operating system?

code from 09/11/2020 22:50:06

Please provide any additional information below.

I don't know C++ very well. I've tried to replace the abort() call in fx_memory.cpp (line 72) with a throw, but I get this error: cannot use 'throw' with exceptions disabled

Is there any way to manage this? I've seen the signal() function, but how can I exit from the code with decent cleanup?

My entry point is the FPDF_LoadPage() function.

Thanks


papa2… via monorail

Nov 10, 2020, 2:27:51 AM
to pdfiu...@googlegroups.com

Comment #1 on issue 1614 by papa2...@gmail.com: CallocOrDie crash my application
https://bugs.chromium.org/p/pdfium/issues/detail?id=1614#c1

I've found a workaround in cpdf_contentparser, line 168:

m_Size = safeSize.ValueOrDie();
#if !defined(_WIN64)
  // Workaround: in 32-bit builds, stop parsing when the content streams
  // would need more than 500 MiB of buffer.
  if (m_Size > 500 * 1024 * 1024)
    return Stage::kComplete;
#endif

For my test PDF, m_Size = 837812224 (799 * 1024 * 1024).

tse… via monorail

Nov 11, 2020, 12:57:26 PM
to pdfiu...@googlegroups.com

Comment #2 on issue 1614 by tse...@chromium.org: CallocOrDie crash my application
https://bugs.chromium.org/p/pdfium/issues/detail?id=1614#c2

A better way would be to call FX_TryAlloc() here rather than setting a fixed limit which won't be universally correct across all platforms. It seems reasonable to end the parse right there if it can't buffer the whole document. I'll probably make that change presently.

But there will be other places that may run out of memory as well, even if we get past that point. In Chrome, we don't care to recover from out of memory, as we have a multi-process architecture: some other process will present the error and/or respawn a new sub-process for the next document. You might consider such an approach yourself.
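
The two ideas in this reply, a "try" allocation that ends the parse instead of aborting and a separate process that contains whatever abort() paths remain, as an added example. This is not PDFium's code: the names below only paraphrase the functions mentioned in the thread (FX_TryAlloc, CallocOrDie, safeSize), the stream sizes are constructed test values, and the isolation wrapper assumes a POSIX host with fork()/waitpid(). The fixed cap from the workaround is included for contrast.

```cpp
// Added example, not PDFium's own code. Shows (1) buffering a page's content
// with a try-allocator so an unsatisfiable request ends the parse with a
// status, and (2) running the parse in a child process so a stray abort()
// elsewhere still surfaces as an error code instead of killing the host.
// Assumptions: POSIX fork()/waitpid(); names paraphrase the thread's
// FX_TryAlloc / CallocOrDie / safeSize; all sizes are constructed test data.
#include <sys/wait.h>
#include <unistd.h>

#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <limits>
#include <vector>

enum class ParseResult { kComplete = 0, kOutOfMemory = 1, kWorkerCrashed = 2 };

// Allocation hook so the failure path can be exercised deterministically.
using TryAllocFn = void* (*)(size_t);

// Stand-in for a "try" allocator: returns nullptr instead of aborting.
void* TryCalloc(size_t bytes) { return std::calloc(bytes ? bytes : 1, 1); }

// Constructed allocator that always fails, simulating a 32-bit build that
// cannot satisfy the request.
void* AlwaysFail(size_t) { return nullptr; }

// Stand-in for the "or die" allocator in the report: no in-process recovery.
[[noreturn]] void AllocOrDie() { std::abort(); }

// The fixed cap from comment #1. It rejects the 799 MiB test document on
// every platform, including 64-bit hosts that could have buffered it.
bool ExceedsFixedLimit(size_t bytes) { return bytes > 500u * 1024 * 1024; }

// Overflow-checked sum of the page's content stream sizes (the role
// safeSize plays in the thread). Returns false on size_t overflow.
bool CheckedTotal(const std::vector<size_t>& stream_sizes, size_t* total) {
  size_t sum = 0;
  for (size_t s : stream_sizes) {
    if (s > std::numeric_limits<size_t>::max() - sum) return false;
    sum += s;
  }
  *total = sum;
  return true;
}

// Buffer all streams for one page. An unsatisfiable request ends the parse
// with a status the caller can act on rather than terminating the process.
ParseResult PrepareContent(const std::vector<size_t>& stream_sizes,
                           TryAllocFn try_alloc) {
  size_t total = 0;
  // An overflowing total can never be allocated, so treat it the same way.
  if (!CheckedTotal(stream_sizes, &total)) return ParseResult::kOutOfMemory;
  void* buf = try_alloc(total);
  if (buf == nullptr) return ParseResult::kOutOfMemory;
  // ... a real parser would fill and consume the buffer here ...
  std::free(buf);
  return ParseResult::kComplete;
}

// Host-side containment in the spirit of the multi-process design above:
// the parse runs in a child, so an abort() anywhere in the library shows up
// as a termination signal that the parent maps to an error code.
ParseResult ParseIsolated(const std::vector<size_t>& stream_sizes,
                          bool simulate_stray_abort) {
  pid_t pid = fork();
  if (pid < 0) return ParseResult::kWorkerCrashed;
  if (pid == 0) {
    if (simulate_stray_abort) AllocOrDie();  // some later CallocOrDie() path
    ParseResult r = PrepareContent(stream_sizes, TryCalloc);
    _exit(static_cast<int>(r));  // no cleanup needed: the process goes away
  }
  int status = 0;
  if (waitpid(pid, &status, 0) != pid) return ParseResult::kWorkerCrashed;
  if (WIFSIGNALED(status)) return ParseResult::kWorkerCrashed;  // e.g. SIGABRT
  return static_cast<ParseResult>(WEXITSTATUS(status));
}

int main() {
  const std::vector<size_t> kTestDoc = {837812224};  // 799 MiB, as in the report
  std::printf("fixed cap rejects test doc: %d\n", ExceedsFixedLimit(kTestDoc[0]));
  std::printf("in-process, failing allocator: %d\n",
              static_cast<int>(PrepareContent(kTestDoc, AlwaysFail)));
  std::printf("isolated, stray abort: %d\n",
              static_cast<int>(ParseIsolated(kTestDoc, true)));
  return 0;
}
```

The try-allocator decides per host whether the document fits, which is what makes it more portable than the 500 MiB cap. The child-process wrapper is the part that answers the original question: with exceptions disabled there is nothing to throw past abort(), but a parent that observes WIFSIGNALED can still return a clean "out of memory" code to the application. A Windows host would use CreateProcess and the child's exit code in place of fork()/waitpid(), which is why the POSIX calls here are flagged as an assumption.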

tse… via monorail

Nov 11, 2020, 1:20:33 PM
to pdfiu...@googlegroups.com

bugdroid via monorail

Nov 11, 2020, 2:07:33 PM
to pdfiu...@googlegroups.com

Comment #4 on issue 1614 by bugdroid: CallocOrDie crash my application
https://bugs.chromium.org/p/pdfium/issues/detail?id=1614#c4

The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium/+/f8df798425dcc79e08f1302e7e1cc606a55aa13b

commit f8df798425dcc79e08f1302e7e1cc606a55aa13b
Author: Tom Sepez <tse...@chromium.org>
Date: Wed Nov 11 19:07:26 2020

Handle OOM in CPDF_ContentParser::PrepareContent().

While PDFium is not required to handle OOM in every case, failing
gracefully for extremely large documents early on in the parsing
seems reasonable.

Bug: pdfium:1614
Change-Id: Ibbfdf4120ddf916b2d862d7e8299ece6df955573
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/76170
Reviewed-by: Hui Yingst <ni...@chromium.org>
Commit-Queue: Tom Sepez <tse...@chromium.org>

[modify] https://pdfium.googlesource.com/pdfium/+/f8df798425dcc79e08f1302e7e1cc606a55aa13b/core/fpdfapi/page/cpdf_contentparser.cpp

tse… via monorail

Nov 11, 2020, 2:16:51 PM
to pdfiu...@googlegroups.com
Updates:
Status: Fixed

Comment #5 on issue 1614 by tse...@chromium.org: CallocOrDie crash my application
https://bugs.chromium.org/p/pdfium/issues/detail?id=1614#c5

(No comment was entered for this change.)

papa2… via monorail

Nov 12, 2020, 3:53:03 AM
to pdfiu...@googlegroups.com

Comment #6 on issue 1614 by papa2...@gmail.com: CallocOrDie crash my application
https://bugs.chromium.org/p/pdfium/issues/detail?id=1614#c6

Hello,

Thank you for the patch, it works well!

However, would it be possible to report an error code?

FPDF_LoadPage() should return NULL, and GetLastError (or an equivalent function) should report the memory allocation failure.

Best regards
Paul