Quadratic runtime with malformed PDF missing xref marker #582

Closed
Google-Autofuzz opened this issue Nov 13, 2020 · 2 comments
Labels
is-bug: From a users perspective, this is a bug - a violation of the expected behavior with a compliant PDF
is-robustness-issue: From a users perspective, this is about robustness
nf-security: Non-functional change: Security


Google-Autofuzz commented Nov 13, 2020

Running the following code with PyPDF2==1.27.8 on the attached input results in 100% CPU consumption for an arbitrarily long time.

MCVE

PDF: test.pdf

from PyPDF2 import PdfFileReader

reader = PdfFileReader("test.pdf")

Google-Autofuzz changed the title from "Inifinite loop with malformed PDF" to "Infinite loop with malformed PDF" on Nov 13, 2020
MartinThoma added the is-bug and is-robustness-issue labels on Apr 7, 2022

MartinThoma commented Apr 24, 2022

The PDF is hopelessly broken:

$ cat issue-582.pdf 
ang��H
%s/I\ʱ\\\\\\\\\\\\\\\\\\\\\\\\\[\\𝟖\\\
%EO-254536430
%%EOFF�	g
e�
%%EOF%                         

Investigating

import time
import PyPDF2
import traceback

print(PyPDF2.__version__)

t0 = time.time()
try:
    reader = PyPDF2.PdfFileReader("test.pdf")
except Exception as e:
    print(traceback.format_exc())
    print(e)
t1 = time.time()
print(f"`PyPDF2=={PyPDF2.__version__}` finished after {t1-t0:.3f}s")

Affected Versions

MartinThoma added the nf-security label on Jun 30, 2023
MartinThoma changed the title from "Infinite loop with malformed PDF" to "Very long execution time with malformed PDF" on Jun 30, 2023
MartinThoma changed the title from "Very long execution time with malformed PDF" to "Quadratic runtime with malformed PDF" on Jun 30, 2023
MartinThoma changed the title from "Quadratic runtime with malformed PDF" to "Quadratic runtime with malformed PDF missing xref marker" on Jun 30, 2023
@MartinThoma

Reported publicly via GHSA-jrm6-h9cq-8gqw
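
A pre-parse gate for untrusted PDFs that rejects files with no usable `startxref` trailer before they reach the parser, shown here as an added example; it is not part of this thread, not PyPDF2 code, and not the project's fix. It assumes a strict policy (`%PDF-` within the first 1024 bytes, `startxref <offset> %%EOF` within the last 1024); `preflight`, the limits and the sample bytes are constructed for illustration.

```python
import re
from typing import Tuple

HEAD_BYTES = 1024  # assumption: "%PDF-" must appear this close to the start
TAIL_BYTES = 1024  # assumption: the trailer must sit in this bounded tail
# Trailer shape from the PDF file structure: "startxref", byte offset, "%%EOF".
TRAILER_RE = re.compile(rb"startxref\s+(\d{1,20})\s+%%EOF\Z")
XREF_STREAM_RE = re.compile(rb"\d+\s+\d+\s+obj")


def preflight(data: bytes) -> Tuple[bool, str]:
    """Decide whether to hand `data` to the PDF parser; work is bounded."""
    if b"%PDF-" not in data[:HEAD_BYTES]:
        return False, "no %PDF- header"
    match = TRAILER_RE.search(data[-TAIL_BYTES:].rstrip())
    if match is None:
        return False, "no startxref/%%EOF trailer"
    offset = int(match.group(1))
    if offset >= len(data):
        return False, "startxref offset beyond end of file"
    target = data[offset:offset + 32]
    # The offset must land on a classic table ("xref") or an xref stream object.
    if not (target.startswith(b"xref") or XREF_STREAM_RE.match(target)):
        return False, "startxref does not point at a cross-reference section"
    return True, "ok"


def build_valid_sample() -> bytes:
    """Constructed minimal file whose startxref offset is computed, not guessed."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    xref = b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
    trailer = b"trailer\n<< /Size 2 /Root 1 0 R >>\n"
    return body + xref + trailer + b"startxref\n%d\n%%%%EOF\n" % len(body)


# Constructed inputs: %%EOF present but no startxref; and no header at all.
NO_XREF_MARKER = b"%PDF-1.4\n1 0 obj\n<<>>\nendobj\n%%EOF\n%%EOF"
NO_HEADER = b"ang\xff\xffH\n%EO-254536430\n%%EOFF\xff\tg\ne\xff\n%%EOF"

if __name__ == "__main__":
    for name, blob in [("valid", build_valid_sample()),
                       ("no xref marker", NO_XREF_MARKER),
                       ("no header", NO_HEADER)]:
        print(name, preflight(blob))
```

This trades leniency for bounded work: damaged but recoverable PDFs are rejected too. Pair it with a wall-clock limit on the parser rather than relying on it alone.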
