Security: pdfium_test: CPU consumption/hang when parsing crafted PDF
Reported by
agostino...@gmail.com,
Aug 18 2016
Issue description

Hello,

The attached PDF, which is ~7,4k in size, takes 100% of the CPU here for 33 minutes. At the end it exits normally without errors.

CPU details: Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz

VERSION:
Pdfium version at this commit: https://pdfium.googlesource.com/pdfium/+/b4694249b336d1c0bea9222880b49dcf9284791d
compiled as recommended here: https://pdfium.googlesource.com/pdfium/

Operating System: [Gentoo, kernel-4.4.8]

REPRODUCTION CASE
pdfium_test $ATTACHED_PDF
,
Aug 18 2016
Confirm that pdfium_test freezes when rendering this file. + jam@, could you help triage this bug since you are one of the owners of third_party/pdfium? Thanks!
,
Aug 18 2016
Dan gets these reports nowadays.
,
Aug 19 2016
,
Aug 22 2016
Moving to the correct component.
,
Sep 12 2016
This seems to be spending all of its time in font rendering.

On Mac, it takes about 1:30 to render the file, of which 99.9% of the time is in CGDrawGlyphRun(). This comes through CFX_RenderDevice::DrawNormalText -> CFX_AggDeviceDriver::DrawDeviceText().

On Linux I didn't do a full run as it takes a long time; after running for a few minutes I got the following. The path is a bit different: we go through CFX_RenderDevice::DrawNormalText but then drop into freetype code. Of the freetype code, we spend 97.65% of the time in _ft_lcd_filter_fir (that's self time, so that method is doing a _lot_ of work).

I wonder if, on Linux, we're getting glyph misses as we go through CFX_FaceCache::LookUpGlyphBitmap and CFX_FaceCache::RenderGlyph all the time. Or, maybe there are just that many glyphs in the file?
,
Sep 14 2016
,
Sep 14 2016
The following revision refers to this bug:
https://pdfium.googlesource.com/pdfium.git/+/8b1ed16144925205a34e3796b57db72dd6ee6a89

commit 8b1ed16144925205a34e3796b57db72dd6ee6a89
Author: npm <npm@chromium.org>
Date: Wed Sep 14 16:00:50 2016

Map glyph bitmap in LookUpGlyphBitmap even when unsuccessful

CFX_FaceCache::LookUpGlyphBitMap should remember its unsuccessful glyph bitmap calculations. This is especially important if there are a lot of repeated requests for the same glyph with large bitmaps (which means long calculations in freetype). With this CL, the pdf in the bug below will be rendered quickly.

BUG= chromium:638856

Review-Url: https://codereview.chromium.org/2338883004

[modify] https://crrev.com/8b1ed16144925205a34e3796b57db72dd6ee6a89/core/fxge/ge/cfx_facecache.cpp
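The idea behind the fix above, remembering unsuccessful glyph lookups so they are not recomputed, shown as an added example that is not PDFium's code and not part of the original thread. GlyphCache, GlyphBitmap, Render and the rule that odd glyph indices fail are all hypothetical stand-ins.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <memory>
#include <vector>

struct GlyphBitmap { std::vector<uint8_t> pixels; };  // hypothetical type

class GlyphCache {  // hypothetical; models a per-face glyph bitmap cache
 public:
  explicit GlyphCache(bool cache_failures) : cache_failures_(cache_failures) {}

  // Returns nullptr when the glyph could not be rendered.
  const GlyphBitmap* Lookup(uint32_t glyph_index) {
    auto it = cache_.find(glyph_index);
    if (it != cache_.end())
      return it->second.get();  // hit; may be a remembered failure (nullptr)
    std::unique_ptr<GlyphBitmap> bitmap = Render(glyph_index);
    const GlyphBitmap* result = bitmap.get();
    // Without cache_failures_, a failed render leaves no entry behind, so
    // every later request for the same glyph pays the full cost again.
    if (bitmap || cache_failures_)
      cache_[glyph_index] = std::move(bitmap);
    return result;
  }
  int render_calls() const { return render_calls_; }

 private:
  // Stand-in for the expensive rasteriser. Constructed rule: odd indices fail.
  std::unique_ptr<GlyphBitmap> Render(uint32_t glyph_index) {
    ++render_calls_;
    if (glyph_index % 2 == 1) return nullptr;
    std::unique_ptr<GlyphBitmap> bitmap(new GlyphBitmap());
    bitmap->pixels.assign(16, 0xFF);
    return bitmap;
  }
  bool cache_failures_;
  int render_calls_ = 0;
  std::map<uint32_t, std::unique_ptr<GlyphBitmap>> cache_;
};

// Rasteriser invocations for a constructed text run repeating one glyph.
int RenderCalls(bool cache_failures, uint32_t glyph_index, int repeats) {
  GlyphCache cache(cache_failures);
  for (int i = 0; i < repeats; ++i) cache.Lookup(glyph_index);
  return cache.render_calls();
}

int main() {
  std::printf("failing glyph, failures not cached: %d renders\n", RenderCalls(false, 7, 1000));
  std::printf("failing glyph, failures cached:     %d renders\n", RenderCalls(true, 7, 1000));
  return 0;
}
```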
,
Sep 14 2016
,
Sep 14 2016
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c69798bd660c62a0619f4fab6d25a82df95677b9

commit c69798bd660c62a0619f4fab6d25a82df95677b9
Author: pdfium-deps-roller <pdfium-deps-roller@chromium.org>
Date: Wed Sep 14 17:37:40 2016

Roll src/third_party/pdfium/ 79db60994..8b1ed1614 (1 commit).

https://pdfium.googlesource.com/pdfium.git/+log/79db609948b0..8b1ed1614492

$ git log 79db60994..8b1ed1614 --date=short --no-merges --format='%ad %ae %s'
2016-09-14 npm Map glyph bitmap in LookUpGlyphBitmap even when unsuccessful

BUG= 638856
TBR=dsinclair@chromium.org

Review-Url: https://codereview.chromium.org/2332333004
Cr-Commit-Position: refs/heads/master@{#418605}

[modify] https://crrev.com/c69798bd660c62a0619f4fab6d25a82df95677b9/DEPS
Comment 1 by ClusterFuzz
, Aug 18 2016