
Issue metadata

Status: Fixed
Closed: Aug 2017


Issue 875: xref loop references cause denial of service

Reported by, Aug 24 2017

Issue description

6 years ago Andreas Bogk pointed out that with xrefs in PDF files you can create a loop that will hang evince. It turns out that the very same bug is affecting the Chrome internal PDF reader.

The sample file has been published here:
(I'm also attaching it.)

Opening this file in Chrome causes the PDF viewer component to hang and Chrome will use a lot of CPU power. Notably the CPU usage will not go down if you just close the tab with the affected file - you have to close the whole browser. Thus it's a powerful browser DoS.

What steps will reproduce the problem?
1. Download loop_edited.pdf
2. Open it in Chrome
3. PDF component hangs, high CPU load.

What is the expected output? What do you see instead?
pdfium should note the loop and stop trying to render that file.

What version of the product are you using? On what operating system?
Chrome 60.0.3112.101, Gentoo Linux

Comment 1 by, Aug 28 2017

Project Member
I tested with Chrome 62 here, and the attached file just fails to load. We may have recently done something about this?

Comment 2 by, Aug 28 2017

Project Member
Actually Chrome 60 rejects the attached PDF here as well.

Comment 3 by, Aug 30 2017

Project Member
Status: Accepted (was: New)
Seems to reproduce on Windows for me. Not sure why it doesn't repro on Linux here.

Comment 4 by, Aug 31 2017

Project Member
... and that's because I was testing it wrong. Now I can reproduce it on Linux in the Chrome PDF Viewer as well. However, pdfium_test doesn't infinite loop.

Comment 5 by, Aug 31 2017

Project Member
The Chrome PDF Viewer makes a FPDFAvail_IsDocAvail() call for non-linearized PDFs for  and pdfium_test does not. That's the function it hangs in, so adding that to pdfium_test makes the bug repro.

Comment 6 by, Aug 31 2017

Project Member
Status: Started (was: Accepted)
It turns out PDFium already has a test case for the same issue with bug_xrefv4_loop.pdf, but its test didn't call FPDFAvail_IsDocAvail() to trigger this issue.

Comment 7 by, Aug 31 2017

Project Member
The following revision refers to this bug:

commit 671f0d4949d412f26fba6c675cfb54b1fc170be0
Author: Lei Zhang <>
Date: Thu Aug 31 18:22:58 2017

Prevent FPDFAvail_IsDocAvail() from infinite looping.

BUG= pdfium:875 

Change-Id: I3cc29990f0a3398ae903bc14417ec695cca30c6c
Commit-Queue: Lei Zhang <>
Reviewed-by: Art Snake <>
Reviewed-by: Wei Li <>


Comment 8 by, Aug 31 2017

Project Member
Status: Fixed (was: Started)
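
The report asks that the parser "note the loop and stop". As an added illustration (not part of the original thread and not PDFium's actual fix), the C++ sketch below walks a cross-reference chain and refuses to revisit an offset. It assumes the loop is formed through trailer /Prev entries of classic xref tables; `WalkXrefChain`, `NumberAfter` and `MakeSample` are hypothetical names, and the sample buffers are constructed fragments, not complete PDFs.

```cpp
#include <cctype>
#include <cstdlib>
#include <set>
#include <string>

enum class XrefWalk { kOk, kLoop, kBadOffset };
// Reads the unsigned decimal that follows `key`, searching [from, limit).
static bool NumberAfter(const std::string& buf, const std::string& key,
                        size_t from, size_t limit, size_t* out) {
  size_t pos = buf.find(key, from);
  if (pos == std::string::npos || pos >= limit) return false;
  pos = buf.find_first_not_of(" \r\n", pos + key.size());
  if (pos == std::string::npos || !std::isdigit((unsigned char)buf[pos])) return false;
  *out = std::strtoul(buf.c_str() + pos, nullptr, 10);
  return true;
}

// Follows startxref -> trailer /Prev -> ... and refuses to revisit an offset.
XrefWalk WalkXrefChain(const std::string& pdf) {
  std::set<size_t> seen;
  size_t offset = 0, start = pdf.rfind("startxref");
  if (start == std::string::npos ||
      !NumberAfter(pdf, "startxref", start, pdf.size(), &offset))
    return XrefWalk::kBadOffset;
  for (;;) {
    if (offset >= pdf.size() || pdf.compare(offset, 4, "xref") != 0)
      return XrefWalk::kBadOffset;
    if (!seen.insert(offset).second) return XrefWalk::kLoop;  // already visited
    size_t trailer = pdf.find("trailer", offset);
    size_t end = trailer == std::string::npos ? trailer : pdf.find(">>", trailer);
    if (end == std::string::npos) return XrefWalk::kBadOffset;
    if (!NumberAfter(pdf, "/Prev", trailer, end, &offset))
      return XrefWalk::kOk;  // no /Prev: the chain ends normally
  }
}

// Constructed two-section buffer (not a complete PDF). The newer section's
// /Prev is 0; the older one at offset 0 gets /Prev first_prev, or none if < 0.
std::string MakeSample(long first_prev) {
  std::string a = "xref\n0 0\ntrailer\n<< /Size 1";
  if (first_prev >= 0) a += " /Prev " + std::to_string(first_prev);
  a += " >>\n";
  return a + "xref\n0 0\ntrailer\n<< /Size 1 /Prev 0 >>\nstartxref\n" +
         std::to_string(a.size()) + "\n%%EOF\n";
}

int main() {  // exit status 0 when the looping sample is rejected
  return WalkXrefChain(MakeSample(0)) == XrefWalk::kLoop ? 0 : 1;
}
```

The visited set bounds the walk by the number of distinct section offsets, so a chain that points back at any earlier section ends in `kLoop` instead of spinning.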

Comment 9 by, Sep 3 2017


From comment #7, all these three links give a 404:


While unrelated to pdfium of course, this looks like a bug in your code management system. Should this be reported somewhere?

Comment 10 by, Sep 5 2017

Project Member
re: comment 9 - You can report a bug with bugdroid on The issue has existed for a while AFAIK. I usually just use the link at the top.
