Skip to content

validate poppler page size #4620

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: 8.17
Choose a base branch
from
Open

validate poppler page size #4620

wants to merge 4 commits into from

Conversation

jcupitt
Copy link
Member

@jcupitt jcupitt commented Aug 3, 2025

Poppler can return pages less than 1 pixel wide or high. Check for this and flag an error.

Thanks Yang Luo

jcupitt added 2 commits August 3, 2025 11:17
@jcupitt
validate poppler page size
adae833 
Poppler can return pages less than 1 pixel wide or high. Check for this
and flag an error.

Thanks Yang Luo, Riema Labs
@jcupitt
validate page size in svgload too
89fcb78
@jcupitt
Copy link
Member Author

jcupitt commented Aug 3, 2025
edited
Loading

We don't always validate all metadata returned by load libraries (we mostly assume they do this).

Perhaps we should add more protection against this type of error? For example, we could add:

if (!vips_object_sanity(VIPS_OBJECT(image)))
    return -1;

Near the start of major functions such as vips_image_generate(), or at strategic points in the base class of VipsForeign.

vips_image_sanity() can be quite slow (it walks the entire pipeline testing inter-image links). We could maybe only do the walk when --vips-leak is enabled.

@jcupitt
Copy link
Member Author

jcupitt commented Aug 3, 2025

I added some extra sanity checks as a backstop. They wouldn't have stopped this error, but they should catch other missed validations.

Is this too large a change for stable? We could delay until 8.18.

@lovell
Copy link
Member

lovell commented Aug 3, 2025

Should the target branch be updated to 8.17?

@jcupitt jcupitt changed the base branch from master to 8.17 August 3, 2025 21:58
@jcupitt
Copy link
Member Author

jcupitt commented Aug 3, 2025

Oh drat, I always forget to set the target, sorry.

@lovell
Copy link
Member

lovell commented Aug 4, 2025

I'm unsure about adding these new vips_object_sanity calls given it uses printf, which is more of a CLI approach than libvips-as-a-library behaviour.

@jcupitt
Copy link
Member Author

jcupitt commented Aug 4, 2025

Oh, you're right, vips_object_sanity() sends stuff to stdout.

It'd be a simple change to make sanity log an error, or perhaps that should wait until 8.18?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lovell lovell lovell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jcupitt @lovell