Fix OOM on reading raw bytes stream

DEVSIX-6937

Author: Egor Martsynkovsky

kernel/src/main/java/com/itextpdf/kernel/exceptions/KernelExceptionMessageConstant.java

@@ -54,6 +54,7 @@ This file is part of the iText (R) project.
 import com.itextpdf.io.util.MessageFormatUtil;
 import com.itextpdf.kernel.PdfException;
 import com.itextpdf.kernel.crypto.securityhandler.UnsupportedSecurityHandlerException;
+import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
 import com.itextpdf.kernel.pdf.filters.FilterHandlers;
 import com.itextpdf.kernel.pdf.filters.IFilterHandler;
 
@@ -381,8 +382,9 @@ public byte[] readStreamBytes(PdfStream stream, boolean decode) throws IOExcepti
      */
     public byte[] readStreamBytesRaw(PdfStream stream) throws IOException {
         PdfName type = stream.getAsName(PdfName.Type);
-        if (!PdfName.XRefStm.equals(type) && !PdfName.ObjStm.equals(type))
+        if (!PdfName.XRef.equals(type) && !PdfName.ObjStm.equals(type)) {
             checkPdfStreamLength(stream);
+        }
         long offset = stream.getOffset();
         if (offset <= 0)
             return null;
@@ -392,7 +394,7 @@ public byte[] readStreamBytesRaw(PdfStream stream) throws IOException {
         RandomAccessFileOrArray file = tokens.getSafeFile();
         byte[] bytes = null;
         try {
-            file.seek(stream.getOffset());
+            file.seek(offset);
             bytes = new byte[length];
             file.readFully(bytes);
             boolean embeddedStream = pdfDocument.doesStreamBelongToEmbeddedFile(stream);
@@ -1416,21 +1418,24 @@ private void checkPdfStreamLength(PdfStream pdfStream) throws IOException {
                 line.reset();
 
                 // added boolean because of mailing list issue (17 Feb. 2014)
-                if (!tokens.readLineSegment(line, false))
+                if (!tokens.readLineSegment(line, false)) {
+                    if (!StrictnessLevel.CONSERVATIVE.isStricter(this.strictnessLevel)) {
+                        throw new PdfException(KernelExceptionMessageConstant.STREAM_SHALL_END_WITH_ENDSTREAM);
+                    }
                     break;
+                }
                 if (line.startsWith(endstream)) {
-                    streamLength = (int) (pos - start);
                     break;
                 } else if (line.startsWith(endobj)) {
                     tokens.seek(pos - 16);
                     String s = tokens.readString(16);
                     int index = s.indexOf(endstream1);
                     if (index >= 0)
                         pos = pos - 16 + index;
-                    streamLength = (int) (pos - start);
                     break;
                 }
             }
+            streamLength = (int) (pos - start);
             tokens.seek(pos - 2);
             if (tokens.read() == 13) {
                 streamLength--;

kernel/src/main/java/com/itextpdf/kernel/pdf/PdfReader.java

@@ -59,12 +59,12 @@ This file is part of the iText (R) project.
 @Category(IntegrationTest.class)
 public class PdfReaderDecodeTest extends ExtendedITextTest {
 
-    public static final String sourceFolder = "./src/test/resources/com/itextpdf/kernel/pdf/PdfReaderDecodeTest/";
+    public static final String SOURCE_FOLDER = "./src/test/resources/com/itextpdf/kernel/pdf/PdfReaderDecodeTest/";
 
     @Test
     public void noMemoryHandlerTest() throws IOException {
         try (PdfDocument pdfDocument = new PdfDocument(new PdfWriter(new ByteArrayOutputStream()));
-                FileInputStream is = new FileInputStream(sourceFolder + "stream")) {
+                FileInputStream is = new FileInputStream(SOURCE_FOLDER + "stream")) {
             byte[] b = new byte[51];
             is.read(b);
 
@@ -97,7 +97,7 @@ public void noMemoryHandlerTest() throws IOException {
     })
     public void defaultMemoryHandlerTest() throws IOException {
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf"),
+                new PdfReader(SOURCE_FOLDER + "timing.pdf"),
                 new PdfWriter(new ByteArrayOutputStream()))) {
             PdfStream stream = pdfDocument.getFirstPage().getContentStream(0);
             byte[] b = stream.getBytes(false);
@@ -128,7 +128,7 @@ public void customMemoryHandlerSingleTest() throws IOException {
         handler.setMaxSizeOfSingleDecompressedPdfStream(1000);
 
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf",
+                new PdfReader(SOURCE_FOLDER + "timing.pdf",
                         new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
                 new PdfWriter(new ByteArrayOutputStream()))) {
 
@@ -165,7 +165,7 @@ public void oneFilterCustomMemoryHandlerSingleTest() throws IOException {
         handler.setMaxSizeOfSingleDecompressedPdfStream(20);
 
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf",
+                new PdfReader(SOURCE_FOLDER + "timing.pdf",
                         new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
                 new PdfWriter(new ByteArrayOutputStream()))) {
 
@@ -175,10 +175,10 @@ public void oneFilterCustomMemoryHandlerSingleTest() throws IOException {
             PdfArray array = new PdfArray();
             stream.put(PdfName.Filter, array);
 
-            // Limit is reached, but the stream has no filters. Therefore we don't consider ot to be suspicious
+            // Limit is reached, but the stream has no filters. Therefore, we don't consider it to be suspicious.
             Assert.assertEquals(51, PdfReader.decodeBytes(b, stream).length);
 
-            // Limit is reached, but the stream has only one filter. Therefore we don't consider ot to be suspicious
+            // Limit is reached, but the stream has only one filter. Therefore, we don't consider it to be suspicious.
             array.add(PdfName.Fl);
             Assert.assertEquals(40, PdfReader.decodeBytes(b, stream).length);
         }
@@ -199,7 +199,7 @@ public boolean isMemoryLimitsAwarenessRequiredOnDecompression(PdfArray filters)
         handler.setMaxSizeOfSingleDecompressedPdfStream(20);
 
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf",
+                new PdfReader(SOURCE_FOLDER + "timing.pdf",
                         new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
                 new PdfWriter(new ByteArrayOutputStream()))) {
 
@@ -210,7 +210,7 @@ public boolean isMemoryLimitsAwarenessRequiredOnDecompression(PdfArray filters)
             stream.put(PdfName.Filter, array);
             array.add(PdfName.Fl);
 
-            // Limit is reached, and the stream with one filter is considered to be suspicious
+            // Limit is reached, and the stream with one filter is considered to be suspicious.
             Exception e = Assert.assertThrows(MemoryLimitsAwareException.class,
                     () -> PdfReader.decodeBytes(b, stream)
             );
@@ -234,7 +234,7 @@ public boolean isMemoryLimitsAwarenessRequiredOnDecompression(PdfArray filters)
         handler.setMaxSizeOfSingleDecompressedPdfStream(20);
 
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf",
+                new PdfReader(SOURCE_FOLDER + "timing.pdf",
                         new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
                 new PdfWriter(new ByteArrayOutputStream()))) {
 
@@ -246,8 +246,7 @@ public boolean isMemoryLimitsAwarenessRequiredOnDecompression(PdfArray filters)
             array.add(PdfName.Fl);
             array.add(PdfName.Fl);
 
-            // Limit is reached but the stream with several copies of the filter is not considered
-            // to be suspicious
+            // Limit is reached but the stream with several copies of the filter is not considered to be suspicious.
             PdfReader.decodeBytes(b, stream);
         }
     }
@@ -278,7 +277,7 @@ public void customMemoryHandlerSumTest() throws IOException {
         handler.setMaxSizeOfDecompressedPdfStreamsSum(100000);
 
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf",
+                new PdfReader(SOURCE_FOLDER + "timing.pdf",
                         new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
                 new PdfWriter(new ByteArrayOutputStream()))) {
 
@@ -302,7 +301,7 @@ public void pageSumTest() throws IOException {
         handler.setMaxSizeOfDecompressedPdfStreamsSum(1500000);
 
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf",
+                new PdfReader(SOURCE_FOLDER + "timing.pdf",
                         new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
                 new PdfWriter(new ByteArrayOutputStream()))) {
 
@@ -323,7 +322,7 @@ public void pageAsSingleStreamTest() throws IOException {
         handler.setMaxSizeOfSingleDecompressedPdfStream(1500000);
 
         try (PdfDocument pdfDocument = new PdfDocument(
-                new PdfReader(sourceFolder + "timing.pdf",
+                new PdfReader(SOURCE_FOLDER + "timing.pdf",
                         new ReaderProperties().setMemoryLimitsAwareHandler(handler)),
                 new PdfWriter(new ByteArrayOutputStream()))) {
 

kernel/src/test/java/com/itextpdf/kernel/pdf/PdfReaderDecodeTest.java

@@ -50,7 +50,11 @@ This file is part of the iText (R) project.
 import com.itextpdf.io.util.FileUtil;
 import com.itextpdf.io.util.MessageFormatUtil;
 import com.itextpdf.kernel.PdfException;
+import com.itextpdf.kernel.exceptions.KernelExceptionMessageConstant;
+import com.itextpdf.kernel.pdf.PdfReader.StrictnessLevel;
 import com.itextpdf.kernel.utils.CompareTool;
+import com.itextpdf.kernel.xmp.XMPException;
+import com.itextpdf.test.AssertUtil;
 import com.itextpdf.test.ExtendedITextTest;
 import com.itextpdf.test.annotations.LogMessage;
 import com.itextpdf.test.annotations.LogMessages;
@@ -2045,7 +2049,7 @@ public void notCloseUserStreamTest() throws IOException {
             Assert.assertEquals(-1, pdfStream.read());
         }
     }
-    
+
     private static File copyFileForTest(String fileName, String copiedFileName) throws IOException {
         File copiedFile = new File(copiedFileName);
         Files.copy(Paths.get(fileName), Paths.get(copiedFileName));
@@ -2063,6 +2067,45 @@ private void readingNotCompletedTest(PdfReader reader) {
         Assert.assertEquals(PdfException.DocumentHasNotBeenReadYet, e.getMessage());
     }
 
+    @Test
+    public void streamWithoutEndstreamKeywordTest() throws IOException, XMPException {
+        final String fileName = sourceFolder + "NoEndstreamKeyword.pdf";
+        try (PdfReader reader = new PdfReader(fileName)) {
+            reader.setStrictnessLevel(StrictnessLevel.LENIENT);
+            try (PdfDocument document = new PdfDocument(reader)) {
+                final PdfCatalog catalog = new PdfCatalog((PdfDictionary) reader.trailer
+                        .get(PdfName.Root, true));
+                final PdfStream xmpMetadataStream = catalog.getPdfObject().getAsStream(PdfName.Metadata);
+                final int xmpMetadataStreamLength = ((PdfNumber) xmpMetadataStream.get(PdfName.Length)).intValue();
+
+                // 27600 is actual invalid length of stream. In reader StrictnessLevel#LENIENT we expect, that this
+                // length will be fixed.
+                Assert.assertNotEquals(27600, xmpMetadataStreamLength);
+
+                // 3090 is expected length of the stream after fix.
+                Assert.assertEquals(3090, xmpMetadataStreamLength);
+            }
+        }
+    }
+
+    @Test
+    public void streamWithoutEndstreamKeywordConservativeModeTest() throws IOException, XMPException {
+        final String fileName = sourceFolder + "NoEndstreamKeyword.pdf";
+        try (PdfReader reader = new PdfReader(fileName)) {
+            reader.setStrictnessLevel(StrictnessLevel.CONSERVATIVE);
+
+            Exception exception = Assert.assertThrows(PdfException.class, () -> new PdfDocument(reader));
+            Assert.assertEquals(KernelExceptionMessageConstant.STREAM_SHALL_END_WITH_ENDSTREAM, exception.getMessage());
+
+            PdfCatalog catalog = new PdfCatalog((PdfDictionary) reader.trailer.get(PdfName.Root, true));
+            PdfStream xmpMetadataStream = catalog.getPdfObject().getAsStream(PdfName.Metadata);
+
+            // 27600 is actual invalid length of stream. In reader StrictnessLevel#CONSERVATIVE we expect, that
+            // exception would be thrown and length wouldn't be fixed.
+            Assert.assertEquals(27600, ((PdfNumber) xmpMetadataStream.get(PdfName.Length)).intValue());
+        }
+    }
+
     /**
      * Returns the current memory use.
      *