You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@pdfbox.apache.org by "Michael Klink (Jira)" <ji...@apache.org> on 2020/10/20 13:16:00 UTC

[jira] [Created] (PDFBOX-4997) Incremental update adds certain objects not marked as needing update

Michael Klink created PDFBOX-4997:
-------------------------------------

             Summary: Incremental update adds certain objects not marked as needing update
                 Key: PDFBOX-4997
                 URL: https://issues.apache.org/jira/browse/PDFBOX-4997
             Project: PDFBox
          Issue Type: Bug
          Components: Writing
    Affects Versions: 2.0.21, 3.0.0 PDFBox
            Reporter: Michael Klink
         Attachments: signed-000.pdf

_This bug causes the eSignature DSS issue [DSS-2260|https://ec.europa.eu/cefdigital/tracker/browse/DSS-2260]._

If during an incremental update an indirect object containing only a name object is checked for need of writing, it always is added to the objects to write and, therefore, eventually written to the update section.

For example in the attached document {{signed-000.pdf}} each page has a color space resource entry *CS1* referring to the indirect object 54 containing only the name object, *DeviceGray*. Whenever a page is marked as needing an update, the bug causes object 54 also to be written even if it is not changed at all.

While this seems like a minor annoyance only, it has serious repercussions: In multi-signature use cases this makes Adobe Reader claim previous signatures to be broken whenever a new signature with visualization is added using PDFBox, see also [DSS-2260|https://ec.europa.eu/cefdigital/tracker/browse/DSS-2260].
----
The cause of the bug is {{org.apache.pdfbox.pdfwriter.COSWriter.addObjectToWrite(COSBase)}} where the following {{if}} clause attempts to determine whether the inspected object does not need to be written:
{code:java}
if (actual != null && objectKeys.containsKey(actual) 
    && object instanceof COSUpdateInfo && !((COSUpdateInfo)object).isNeedToBeUpdated() 
    && cosBase instanceof COSUpdateInfo && !((COSUpdateInfo)cosBase).isNeedToBeUpdated() )
{
    return;
}
{code}
Here {{cosBase}} contains the content of the indirect object, in the case in question the {{COSName}} *DeviceGray*. As {{COSName}} does not implement {{COSUpdateInfo}}, the condition never evaluates to {{true}}, so the flow never returns here but instead always continues with the following lines where the object is added to the collection of objects to write.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org