itext
diff --git a/‎kernel/findbugs-filter.xml
Lines changed: 10 additions & 0 deletions b/‎kernel/findbugs-filter.xml
Lines changed: 10 additions & 0 deletions
diff --git a/‎kernel/src/main/java/com/itextpdf/kernel/PdfException.java
Lines changed: 3 additions & 0 deletions b/‎kernel/src/main/java/com/itextpdf/kernel/PdfException.java
Lines changed: 3 additions & 0 deletions
diff --git a/‎kernel/src/main/java/com/itextpdf/kernel/pdf/MemoryLimitsAwareException.java
Lines changed: 78 additions & 0 deletions b/‎kernel/src/main/java/com/itextpdf/kernel/pdf/MemoryLimitsAwareException.java
Lines changed: 78 additions & 0 deletions
diff --git a/‎kernel/src/main/java/com/itextpdf/kernel/pdf/MemoryLimitsAwareFilter.java
Lines changed: 76 additions & 0 deletions b/‎kernel/src/main/java/com/itextpdf/kernel/pdf/MemoryLimitsAwareFilter.java
Lines changed: 76 additions & 0 deletions
diff --git a/‎kernel/src/main/java/com/itextpdf/kernel/pdf/MemoryLimitsAwareHandler.java
Lines changed: 203 additions & 0 deletions b/‎kernel/src/main/java/com/itextpdf/kernel/pdf/MemoryLimitsAwareHandler.java
Lines changed: 203 additions & 0 deletions
@@ -470,4 +470,14 @@
         <Method name="open"/>
         <Bug pattern="PRMC_POSSIBLY_REDUNDANT_METHOD_CALLS"/>
     </Match>
+    <Match>
+        <Class name="com.itextpdf.kernel.pdf.filters.FlateDecodeFilter"/>
+        <Method name="flateDecode"/>
+        <Bug pattern="EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS"/>
+    </Match>
+    <Match>
+        <Class name="com.itextpdf.kernel.pdf.filters.FlateDecodeStrictFilter"/>
+        <Method name="flateDecode"/>
+        <Bug pattern="EXS_EXCEPTION_SOFTENING_NO_CONSTRAINTS"/>
+    </Match>
 </FindBugsFilter>
@@ -144,6 +144,9 @@ public class PdfException extends RuntimeException {
     public static final String DocumentHasNoPdfCatalogObject = "Document has no PDF Catalog object.";
     public static final String DocumentMustBePreClosed = "Document must be preClosed.";
     public static final String DocumentForCopyToCannotBeNull = "Document for copyTo cannot be null.";
+    public static final String DuringDecompressionMultipleStreamsInSumOccupiedMoreMemoryThanAllowed = "During decompression multiple streams in sum occupied more memory than allowed. Please either check your pdf or increase the allowed single decompressed pdf stream maximum size value by setting the appropriate parameter of ReaderProperties's MemoryLimitsAwareHandler.";
+    public static final String DuringDecompressionSingleStreamOccupiedMoreMemoryThanAllowed = "During decompression a single stream occupied more memory than allowed. Please either check your pdf or increase the allowed multiple decompressed pdf streams maximum size value by setting the appropriate parameter of ReaderProperties's MemoryLimitsAwareHandler.";
+    public static final String DuringDecompressionSingleStreamOccupiedMoreThanMaxIntegerValue = "During decompression a single stream occupied more than a maximum integer value. Please check your pdf.";
     public static final String EndOfContentStreamReachedBeforeEndOfImageData = "End of content stream reached before end of image data.";
     public static final String ErrorWhileReadingObjectStream = "Error while reading Object Stream.";
     public static final String EncryptedPayloadFileSpecDoesntHaveEncryptedPayloadDictionary = "Encrypted payload file spec shall have encrypted payload dictionary.";
 
@@ -0,0 +1,78 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2019 iText Group NV
+    Authors: iText Software.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License version 3
+    as published by the Free Software Foundation with the addition of the
+    following permission added to Section 15 as permitted in Section 7(a):
+    FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+    ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
+    OF THIRD PARTY RIGHTS
+
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.
+    See the GNU Affero General Public License for more details.
+    You should have received a copy of the GNU Affero General Public License
+    along with this program; if not, see http://www.gnu.org/licenses or write to
+    the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+    Boston, MA, 02110-1301 USA, or download the license from the following URL:
+    http://itextpdf.com/terms-of-use/
+
+    The interactive user interfaces in modified source and object code versions
+    of this program must display Appropriate Legal Notices, as required under
+    Section 5 of the GNU Affero General Public License.
+
+    In accordance with Section 7(b) of the GNU Affero General Public License,
+    a covered work must retain the producer line in every PDF that is created
+    or manipulated using iText.
+
+    You can be released from the requirements of the license by purchasing
+    a commercial license. Buying such a license is mandatory as soon as you
+    develop commercial activities involving the iText software without
+    disclosing the source code of your own applications.
+    These activities include: offering paid services to customers as an ASP,
+    serving PDFs on the fly in a web application, shipping iText with a closed
+    source product.
+
+    For more information, please contact iText Software Corp. at this
+    address: [email protected]
+ */
+package com.itextpdf.kernel.pdf;
+
+import com.itextpdf.kernel.PdfException;
+
+/**
+ * Exception class for exceptions occurred during decompressed pdf streams processing.
+ */
+public class MemoryLimitsAwareException extends PdfException {
+    /**
+     * Creates a new instance of MemoryLimitsAwareException.
+     *
+     * @param message the detail message.
+     */
+    public MemoryLimitsAwareException(String message) {
+        super(message);
+    }
+
+    /**
+     * Creates a new instance of MemoryLimitsAwareException.
+     *
+     * @param cause the cause (which is saved for later retrieval by {@link #getCause()} method).
+     */
+    public MemoryLimitsAwareException(Throwable cause) {
+        this(UnknownPdfException, cause);
+    }
+
+    /**
+     * Creates a new instance of MemoryLimitsAwareException.
+     *
+     * @param message the detail message.
+     * @param cause   the cause (which is saved for later retrieval by {@link #getCause()} method).
+     */
+    public MemoryLimitsAwareException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
@@ -0,0 +1,76 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2019 iText Group NV
+    Authors: iText Software.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License version 3
+    as published by the Free Software Foundation with the addition of the
+    following permission added to Section 15 as permitted in Section 7(a):
+    FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+    ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
+    OF THIRD PARTY RIGHTS
+
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.
+    See the GNU Affero General Public License for more details.
+    You should have received a copy of the GNU Affero General Public License
+    along with this program; if not, see http://www.gnu.org/licenses or write to
+    the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+    Boston, MA, 02110-1301 USA, or download the license from the following URL:
+    http://itextpdf.com/terms-of-use/
+
+    The interactive user interfaces in modified source and object code versions
+    of this program must display Appropriate Legal Notices, as required under
+    Section 5 of the GNU Affero General Public License.
+
+    In accordance with Section 7(b) of the GNU Affero General Public License,
+    a covered work must retain the producer line in every PDF that is created
+    or manipulated using iText.
+
+    You can be released from the requirements of the license by purchasing
+    a commercial license. Buying such a license is mandatory as soon as you
+    develop commercial activities involving the iText software without
+    disclosing the source code of your own applications.
+    These activities include: offering paid services to customers as an ASP,
+    serving PDFs on the fly in a web application, shipping iText with a closed
+    source product.
+
+    For more information, please contact iText Software Corp. at this
+    address: [email protected]
+ */
+package com.itextpdf.kernel.pdf;
+
+import com.itextpdf.kernel.pdf.filters.IFilterHandler;
+
+import java.io.ByteArrayOutputStream;
+
+/**
+ * Handles memory limits aware processing.
+ *
+ * @see {@link MemoryLimitsAwareHandler}
+ */
+public abstract class MemoryLimitsAwareFilter implements IFilterHandler {
+
+    /**
+     * Creates a {@link MemoryLimitsAwareOutputStream} which will be used for decompression of the passed pdf stream.
+     *
+     * @param streamDictionary the pdf stream which is going to be decompressed.
+     * @return the {@link ByteArrayOutputStream} which will be used for decompression of the passed pdf stream
+     */
+    public ByteArrayOutputStream enableMemoryLimitsAwareHandler(PdfDictionary streamDictionary) {
+        MemoryLimitsAwareOutputStream outputStream = new MemoryLimitsAwareOutputStream();
+        MemoryLimitsAwareHandler memoryLimitsAwareHandler = null;
+        if (null != streamDictionary.getIndirectReference()) {
+            memoryLimitsAwareHandler = streamDictionary.getIndirectReference().getDocument().memoryLimitsAwareHandler;
+        } else {
+            // We do not reuse some static instance because one can process pdfs in different threads.
+            memoryLimitsAwareHandler = new MemoryLimitsAwareHandler();
+        }
+        if (null != memoryLimitsAwareHandler && memoryLimitsAwareHandler.considerCurrentPdfStream) {
+            outputStream.setMaxStreamSize(memoryLimitsAwareHandler.getMaxSizeOfSingleDecompressedPdfStream());
+        }
+        return outputStream;
+    }
+}
@@ -0,0 +1,203 @@
+/*
+    This file is part of the iText (R) project.
+    Copyright (c) 1998-2019 iText Group NV
+    Authors: iText Software.
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU Affero General Public License version 3
+    as published by the Free Software Foundation with the addition of the
+    following permission added to Section 15 as permitted in Section 7(a):
+    FOR ANY PART OF THE COVERED WORK IN WHICH THE COPYRIGHT IS OWNED BY
+    ITEXT GROUP. ITEXT GROUP DISCLAIMS THE WARRANTY OF NON INFRINGEMENT
+    OF THIRD PARTY RIGHTS
+
+    This program is distributed in the hope that it will be useful, but
+    WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+    or FITNESS FOR A PARTICULAR PURPOSE.
+    See the GNU Affero General Public License for more details.
+    You should have received a copy of the GNU Affero General Public License
+    along with this program; if not, see http://www.gnu.org/licenses or write to
+    the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+    Boston, MA, 02110-1301 USA, or download the license from the following URL:
+    http://itextpdf.com/terms-of-use/
+
+    The interactive user interfaces in modified source and object code versions
+    of this program must display Appropriate Legal Notices, as required under
+    Section 5 of the GNU Affero General Public License.
+
+    In accordance with Section 7(b) of the GNU Affero General Public License,
+    a covered work must retain the producer line in every PDF that is created
+    or manipulated using iText.
+
+    You can be released from the requirements of the license by purchasing
+    a commercial license. Buying such a license is mandatory as soon as you
+    develop commercial activities involving the iText software without
+    disclosing the source code of your own applications.
+    These activities include: offering paid services to customers as an ASP,
+    serving PDFs on the fly in a web application, shipping iText with a closed
+    source product.
+
+    For more information, please contact iText Software Corp. at this
+    address: [email protected]
+ */
+package com.itextpdf.kernel.pdf;
+
+import com.itextpdf.kernel.PdfException;
+
+import java.io.Serializable;
+
+/**
+ * A {@link MemoryLimitsAwareHandler} handles memory allocation and prevents decompressed pdf streams from occupation of more space than allowed.
+ */
+public class MemoryLimitsAwareHandler implements Serializable {
+
+    private static final long serialVersionUID = 2499046471291214639L;
+
+    private static final int SINGLE_SCALE_COEFFICIENT = 100;
+    private static final int SUM_SCALE_COEFFICIENT = 500;
+
+    private static final int SINGLE_DECOMPRESSED_PDF_STREAM_MIN_SIZE = Integer.MAX_VALUE / 100;
+    private static final long SUM_OF_DECOMPRESSED_PDF_STREAMW_MIN_SIZE = Integer.MAX_VALUE / 20;
+
+    private int maxSizeOfSingleDecompressedPdfStream;
+    private long maxSizeOfDecompressedPdfStreamsSum;
+
+    private long allMemoryUsedForDecompression = 0;
+    private long memoryUsedForCurrentPdfStreamDecompression = 0;
+
+    boolean considerCurrentPdfStream = false;
+
+    /**
+     * Creates a {@link MemoryLimitsAwareHandler} which will be used to handle decompression of pdf streams.
+     * The max allowed memory limits will be generated by default.
+     */
+    public MemoryLimitsAwareHandler() {
+        maxSizeOfSingleDecompressedPdfStream = SINGLE_DECOMPRESSED_PDF_STREAM_MIN_SIZE;
+        maxSizeOfDecompressedPdfStreamsSum = SUM_OF_DECOMPRESSED_PDF_STREAMW_MIN_SIZE;
+    }
+
+    /**
+     * Creates a {@link MemoryLimitsAwareHandler} which will be used to handle decompression of pdf streams.
+     * The max allowed memory limits will be generated by default, based on the size of the document.
+     *
+     * @param documentSize the size of the document, which is going to be handled by iText.
+     */
+    public MemoryLimitsAwareHandler(long documentSize) {
+        maxSizeOfSingleDecompressedPdfStream = (int) calculateDefaultParameter(documentSize, SINGLE_SCALE_COEFFICIENT, SINGLE_DECOMPRESSED_PDF_STREAM_MIN_SIZE);
+        maxSizeOfDecompressedPdfStreamsSum = calculateDefaultParameter(documentSize, SUM_SCALE_COEFFICIENT, SUM_OF_DECOMPRESSED_PDF_STREAMW_MIN_SIZE);
+    }
+
+    /**
+     * Gets the maximum allowed size which can be occupied by a single decompressed pdf stream.
+     *
+     * @return the maximum allowed size which can be occupied by a single decompressed pdf stream.
+     */
+    public int getMaxSizeOfSingleDecompressedPdfStream() {
+        return maxSizeOfSingleDecompressedPdfStream;
+    }
+
+    /**
+     * Sets the maximum allowed size which can be occupied by a single decompressed pdf stream.
+     * This value correlates with maximum heap size. This value should not exceed limit of the heap size.
+     *
+     * iText will throw an exception if during decompression a pdf stream with two or more filters of identical type
+     * occupies more memory than allowed.
+     *
+     * @param maxSizeOfSingleDecompressedPdfStream the maximum allowed size which can be occupied by a single decompressed pdf stream.
+     * @return this {@link MemoryLimitsAwareHandler} instance.
+     */
+    public MemoryLimitsAwareHandler setMaxSizeOfSingleDecompressedPdfStream(int maxSizeOfSingleDecompressedPdfStream) {
+        this.maxSizeOfSingleDecompressedPdfStream = maxSizeOfSingleDecompressedPdfStream;
+        return this;
+    }
+
+    /**
+     * Gets the maximum allowed size which can be occupied by all decompressed pdf streams.
+     *
+     * @return the maximum allowed size value which streams may occupy
+     */
+    public long getMaxSizeOfDecompressedPdfStreamsSum() {
+        return maxSizeOfDecompressedPdfStreamsSum;
+    }
+
+    /**
+     * Sets the maximum allowed size which can be occupied by all decompressed pdf streams.
+     * This value can be limited by the maximum expected PDF file size when it's completely decompressed.
+     * Setting this value correlates with the maximum processing time spent on document reading
+     *
+     * iText will throw an exception if during decompression pdf streams with two or more filters of identical type
+     * occupy more memory than allowed.
+     *
+     * @param maxSizeOfDecompressedPdfStreamsSum he maximum allowed size which can be occupied by all decompressed pdf streams.
+     * @return this {@link MemoryLimitsAwareHandler} instance.
+     */
+    public MemoryLimitsAwareHandler setMaxSizeOfDecompressedPdfStreamsSum(long maxSizeOfDecompressedPdfStreamsSum) {
+        this.maxSizeOfDecompressedPdfStreamsSum = maxSizeOfDecompressedPdfStreamsSum;
+        return this;
+    }
+
+    /**
+     * Considers the number of bytes which are occupied by the decompressed pdf stream.
+     * If memory limits have not been faced, throws an exception.
+     *
+     * @param numOfOccupiedBytes the number of bytes which are occupied by the decompressed pdf stream.
+     * @return this {@link MemoryLimitsAwareHandler} instance.
+     * @see {@link MemoryLimitsAwareException}
+     */
+    MemoryLimitsAwareHandler considerBytesOccupiedByDecompressedPdfStream(long numOfOccupiedBytes) {
+        if (considerCurrentPdfStream && memoryUsedForCurrentPdfStreamDecompression < numOfOccupiedBytes) {
+            memoryUsedForCurrentPdfStreamDecompression = numOfOccupiedBytes;
+            if (memoryUsedForCurrentPdfStreamDecompression > maxSizeOfSingleDecompressedPdfStream) {
+                throw new MemoryLimitsAwareException(PdfException.DuringDecompressionSingleStreamOccupiedMoreMemoryThanAllowed);
+            }
+        }
+        return this;
+    }
+
+    /**
+     * Begins handling of current pdf stream decompression.
+     *
+     * @return this {@link MemoryLimitsAwareHandler} instance.
+     */
+    MemoryLimitsAwareHandler beginDecompressedPdfStreamProcessing() {
+        ensureCurrentStreamIsReset();
+        considerCurrentPdfStream = true;
+        return this;
+    }
+
+    /**
+     * Ends handling of current pdf stream decompression.
+     * If memory limits have not been faced, throws an exception.
+     *
+     * @return this {@link MemoryLimitsAwareHandler} instance.
+     * @see {@link MemoryLimitsAwareException}
+     */
+    MemoryLimitsAwareHandler endDecompressedPdfStreamProcessing() {
+        allMemoryUsedForDecompression += memoryUsedForCurrentPdfStreamDecompression;
+        if (allMemoryUsedForDecompression > maxSizeOfDecompressedPdfStreamsSum) {
+            throw new MemoryLimitsAwareException(PdfException.DuringDecompressionMultipleStreamsInSumOccupiedMoreMemoryThanAllowed);
+        }
+        ensureCurrentStreamIsReset();
+        considerCurrentPdfStream = false;
+        return this;
+    }
+
+    long getAllMemoryUsedForDecompression() {
+        return allMemoryUsedForDecompression;
+    }
+
+    private static long calculateDefaultParameter(long documentSize, int scale, long min) {
+        long result = documentSize * scale;
+        if (result < min) {
+            result = min;
+        }
+        if (result > min * scale) {
+            result = min * scale;
+        }
+        return result;
+    }
+
+    private void ensureCurrentStreamIsReset() {
+        memoryUsedForCurrentPdfStreamDecompression = 0;
+    }
+}