Bug#421306: kpdf: excessive resource usage on malformed pdf

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#421306: kpdf: excessive resource usage on malformed pdf
From: Torok Edwin <edwintorok@gmail.com>
Date: Fri, 27 Apr 2007 21:36:00 +0300
Message-id: <[🔎] 20070427183600.10378.50094.reportbug@lightspeed2.no-ip.info>
Reply-to: Torok Edwin <edwintorok@gmail.com>, 421306@bugs.debian.org

Package: kpdf
Version: 4:3.5.6-2
Severity: normal

I found that certain .pdf files can lead to memory exhaustion when
opened with kpdf, and sometimes in gv.

The attached pdf file was created by openoffice [1], and when opened
with xpdf it shows an empty page. However kpdf start using huge
amounts of memory when trying to open the page (2049M of virt memory,
and 1023M of RES memory).

The problem occured on Athlon64, with 2Gb of physical memory. If swap
is disactivated, kpdf makes the system freeze for a few minutes (till
the OOM killer starts killing some apps, but as usual it kills
everything [even X]).

If swap is available kpdf uses 2049MB of virt. memory, the system load
rises, and it uses approx. 900MB of swap.

I consider that for a .pdf of 1k, the amount of memory used by kpdf is
insane, and kpdf shouldn't blindly accept any size read from a pdf.

1]
The .pdf was created by selecting 3 charts in an OpenSpreadsheet
document, and using 'Export as PDF'. The charts weren't exported
correctly, but the bigger problem is that opening it in kpdf causes a
DoS. Tthe .pdf wasn't manipulated in any way, it is exactly as
openoffice created it.




-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.20-1-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages kpdf depends on:
ii  kdelibs4c2a          4:3.5.6.r1.dfsg.1-4 core libraries and binaries for al
ii  libc6                2.5-4               GNU C Library: Shared libraries
ii  libfontconfig1       2.4.2-1.2           generic font configuration library
ii  libfreetype6         2.2.1-5             FreeType 2 font engine, shared lib
ii  libgcc1              1:4.1.2-4           GCC support library
ii  libjpeg62            6b-13               The Independent JPEG Group's JPEG 
ii  libpaper1            1.1.21              Library for handling paper charact
ii  libqt3-mt            3:3.3.7-4+b1        Qt GUI Library (Threaded runtime v
ii  libstdc++6           4.1.2-4             The GNU Standard C++ Library v3
ii  libx11-6             2:1.0.3-7           X11 client-side library
ii  libxft2              2.1.12-2            FreeType-based font drawing librar
ii  zlib1g               1:1.2.3-13          compression library - runtime

Versions of packages kpdf recommends:
ii  kghostview                    4:3.5.6-2  PostScript viewer for KDE

-- no debconf information

Attachment: oom.pdf
Description: Adobe PDF document

Reply to:

Prev by Date: Bug#421299: New localhost transport created and set as standard breaks sending
Next by Date: Processed: [bts-link] source package kdepim
Previous by thread: Bug#421299: New localhost transport created and set as standard breaks sending
Next by thread: Bug#421358: [kontact] changing view to summary often crashes
Index(es):
- Date
- Thread