Add safety check for max allowed offset in xref table

DEVSIX-8052

Author: guustysebie

kernel/src/main/java/com/itextpdf/kernel/exceptions/KernelExceptionMessageConstant.java

@@ -435,5 +435,10 @@ public final class KernelExceptionMessageConstant {
             "Failed to open the document. Security handler {0} is not supported";
 
     public static final String ARG_SHOULD_NOT_BE_NULL = "{0} should not be null.";
-    private KernelExceptionMessageConstant(){}
+    public static final String XREF_HAS_AN_ENTRY_WITH_TOO_BIG_OFFSET = "Pdf document is to large to "
+            + "use normal cross reference table. Use cross reference streams instead. To enable feature use com.itextpdf"
+            + ".kernel.pdf.WriterProperties#setFullCompressionMode(true). ";
+
+    private KernelExceptionMessageConstant() {
+    }
 }

kernel/src/main/java/com/itextpdf/kernel/pdf/PdfXrefTable.java

@@ -50,6 +50,15 @@ public class PdfXrefTable {
     private static final int INITIAL_CAPACITY = 32;
     private static final int MAX_GENERATION = 65535;
 
+    /**
+     * The maximum offset in a cross-reference stream. This is a limitation of the PDF specification.
+     * SPEC1.7: 7.5.4 Cross reference trailer
+     * <p>
+     *
+     * It states that the offset should be a 10-digit byte, so the maximum value is 9999999999.
+     * This is the max value that can be represented in 10 bytes.
+     */
+    private static final long MAX_OFFSET_IN_CROSS_REFERENCE_STREAM = 9_999_999_999L;
     private static final byte[] freeXRefEntry = ByteUtils.getIsoBytes("f \n");
     private static final byte[] inUseXRefEntry = ByteUtils.getIsoBytes("n \n");
 
@@ -368,7 +377,9 @@ protected void writeXrefTableAndTrailer(PdfDocument document, PdfObject fileId,
                 writer.writeInteger(first).writeSpace().writeInteger(len).writeByte((byte) '\n');
                 for (int i = first; i < first + len; i++) {
                     PdfIndirectReference reference = xrefTable.get(i);
-
+                    if (reference.getOffset() > MAX_OFFSET_IN_CROSS_REFERENCE_STREAM) {
+                        throw new PdfException(KernelExceptionMessageConstant.XREF_HAS_AN_ENTRY_WITH_TOO_BIG_OFFSET);
+                    }
                     StringBuilder off = new StringBuilder("0000000000").append(reference.getOffset());
                     StringBuilder gen = new StringBuilder("00000").append(reference.getGenNumber());
                     writer.writeString(off.substring(off.length() - 10, off.length())).writeSpace().

kernel/src/test/java/com/itextpdf/kernel/pdf/PdfXrefTableUnitTest.java

@@ -22,8 +22,12 @@ This file is part of the iText (R) project.
  */
 package com.itextpdf.kernel.pdf;
 
+import com.itextpdf.io.source.ByteArrayOutputStream;
 import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
 import com.itextpdf.kernel.exceptions.MemoryLimitsAwareException;
+import com.itextpdf.kernel.exceptions.PdfException;
+import com.itextpdf.test.AssertUtil;
+import com.itextpdf.test.ExceptionTestUtil;
 import com.itextpdf.test.ExtendedITextTest;
 import com.itextpdf.test.annotations.type.UnitTest;
 
@@ -128,4 +132,73 @@ public void zeroCapacityInConstructorWithHandlerTest() {
 
         Assert.assertEquals(20, xrefTable.getCapacity());
     }
+
+    @Test
+    public void xRefMaxValueLong() {
+        PdfDocument document = new PdfDocument(new PdfWriter(new ByteArrayOutputStream()));
+        document.xref.add(new PdfIndirectReferenceProxy(document, 11, Long.MAX_VALUE));
+
+        Exception e = Assert.assertThrows(PdfException.class, () -> {
+            document.close();
+        });
+        Assert.assertEquals(KernelExceptionMessageConstant.XREF_HAS_AN_ENTRY_WITH_TOO_BIG_OFFSET, e.getMessage());
+    }
+
+
+    @Test
+    public void maxCrossReferenceOffSetReached() {
+        long justOver10gbLogical = 10_000_000_001L;
+        PdfDocument document = new PdfDocument(new PdfWriter(new ByteArrayOutputStream()));
+        document.xref.add(new PdfIndirectReferenceProxy(document, 11, justOver10gbLogical));
+
+        Exception e = Assert.assertThrows(PdfException.class, () -> {
+            document.close();
+        });
+        Assert.assertEquals(KernelExceptionMessageConstant.XREF_HAS_AN_ENTRY_WITH_TOO_BIG_OFFSET, e.getMessage());
+    }
+
+    @Test
+    public void maxCrossReference() {
+        long justOver10gbLogical = 10_000_000_000L;
+        PdfDocument document = new PdfDocument(new PdfWriter(new ByteArrayOutputStream()));
+        document.xref.add(new PdfIndirectReferenceProxy(document, 11, justOver10gbLogical));
+
+        Exception e = Assert.assertThrows(PdfException.class, () -> {
+            document.close();
+        });
+        Assert.assertEquals(KernelExceptionMessageConstant.XREF_HAS_AN_ENTRY_WITH_TOO_BIG_OFFSET, e.getMessage());
+    }
+
+    @Test
+    public void justBelowXrefThreshold() {
+        long maxAllowedOffset = 10_000_000_000L - 1L;
+        PdfDocument document = new PdfDocument(new PdfWriter(new ByteArrayOutputStream()));
+        document.xref.add(new PdfIndirectReferenceProxy(document, 11, maxAllowedOffset));
+
+        AssertUtil.doesNotThrow(() -> document.close());
+    }
+
+    @Test
+    public void xRefIntMax() {
+        PdfDocument document = new PdfDocument(new PdfWriter(new ByteArrayOutputStream()));
+        document.xref.add(new PdfIndirectReferenceProxy(document, 11, Integer.MAX_VALUE));
+        AssertUtil.doesNotThrow(() -> document.close());
+    }
+
+
+
+
+}
+ class PdfIndirectReferenceProxy extends PdfIndirectReference {
+    private final long offset;
+
+    public PdfIndirectReferenceProxy(PdfDocument document, int objNumber, long offset) {
+        super(document, objNumber);
+        this.offset = offset;
+    }
+
+    @Override
+    public long getOffset() {
+        return offset;
+    }
 }