325588 - A Stack Overflow (and crash) will be triggered embedding two or more PDF documents. (Adobe Reader 7.0.5-7.0.8) [@ nppdf32.dll]

Status: RESOLVED WORKSFORME

(Plugins Graveyard :: PDF (Adobe), defect)

Description

[Ruben]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8) Gecko/20051111 Firefox/1.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-ES; rv:1.8) Gecko/20051111 Firefox/1.5

Having Adobe PDF reader plugin (7.0.x) installed.
If you embed two or more pdf documents using <embed></embed> tags, a stack overflow is triggered and then the software crashes.
The bug seems not exploitable, at least, not easily exploitable.
The problem seems to be an improper subclassing of the Adobe pdf reader plugin which causes a recursive situation.

Reproducible: Always

Steps to Reproduce:
1.Open a html with two or more pdf documents embedded.
2.
3.

Actual Results:  
Software Crashes.

Expected Results:  
It should display two or more pdf documents embedded.

No error message will appear. When a process exhausts its stack memory,it will be silently killed by Windows.

nppdf32.dll plugin module.

Mozilla and Firefox crashes when the flaw is triggered.

Comment 1

[timeless]

unfortunately, exception handlers can't deal with stack overflows because they too require stack frames, of which there are none available. this applies to drwatson, talkback, and mozilla's plugin crash handler.  there's nothing we can do, and i can't find an adobe pdf contact atm.

Comment 2

[Jesse Ruderman]

*** Bug 322389 has been marked as a duplicate of this bug. ***

Comment 3

[Jesse Ruderman]

I can reproduce this crash (Acrobat plugin version 7, Firefox trunk on WinXP).

Comment 4

[Jesse Ruderman]

The Adobe development team is aware of this bug.

Comment 5

[zug_treno]

*** Bug 332388 has been marked as a duplicate of this bug. ***

Comment 6

[Kevin C.]

I can verify that this issue happens in SeaMonkey 1.0.1 as well.

I encountered the following website that has this issue at the top of a Google search on embedding pdf in html pages:

http://www.planetpdf.com/mainpage.asp?webpageid=1682

SeaMonkey version:

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060404 MultiZilla/1.8.1.1d SeaMonkey/1.0.1

Adobe Acrobat

    File name: nppdf32.dll
    Adobe Acrobat Plug-In Version 7.00 for Netscape

Adobe version shows version 7.0.7

Comment 7

[WADA:World Anti-bad-Duping Agency]

Ruben(bug opener), can you write Adobe Reader's version when bug is opened?
What is current version? Problem still remain?
(As Kevin C. says in comment #6, plugin version is still 7.0.0.)

Comment 8

[timeless]

*** Bug 339242 has been marked as a duplicate of this bug. ***

Comment 9

[Brian Polidoro]

Version 7.0.8 of the plugin does not correct this.  Maybe the issue missed the 7.0.8 cycle.

Comment 10

[Martijn Wargers (dead)]

*** Bug 345626 has been marked as a duplicate of this bug. ***

Comment 11

[WADA:World Anti-bad-Duping Agency]

(In reply to comment #4)
> The Adobe development team is aware of this bug.
To Jesse Ruderman:
Do you know bug report number or problem incident number by Adobe?

Comment 12

[Robert D. Martin]

(In reply to comment #11)
> (In reply to comment #4)
> > The Adobe development team is aware of this bug.
> To Jesse Ruderman:
> Do you know bug report number or problem incident number by Adobe?
> 

Please see the following Adobe Infopage incl contact for help with such problems with embedded pdf.  ...:  
http://www.planetpdf.com/mainpage.asp?webpageid=1682
Zitat...: ²In short, there are a wide number of uses for embedding PDF files within HTML pages. If you encounter an application you feel is unique or have problems with these examples, feel free to email me at gordon_kent@yahoo.com.²

Comment 13

[WADA:World Anti-bad-Duping Agency]

(In reply to comment #12)
> Please see the following Adobe Infopage incl contact for help with such
> problems with embedded pdf.  ...:  
> http://www.planetpdf.com/mainpage.asp?webpageid=1682
Robert D. Martin, is the site Adobe's official site?
I'd like to know whether Adobe is already aware of this problem really or not, and whether this problem is Mozilla family's fault or Adobe's fault.

Comment 14

[Robert D. Martin]

(In reply to comment #13)
> (In reply to comment #12)
> > Please see the following Adobe Infopage incl contact for help with such
> > problems with embedded pdf.  ...:  
> > http://www.planetpdf.com/mainpage.asp?webpageid=1682
> Robert D. Martin, is the site Adobe's official site?
> I'd like to know whether Adobe is already aware of this problem really or not,
> and whether this problem is Mozilla family's fault or Adobe's fault.
> 

(1) I am happy to report that Gordon Kent has kindly answered to my request for clarification on your behalf, for which I have thanked him dearly.  His answer reads as follows...: 

[quote]
Hello Robert -
 
I'm in no way affliliated with Adobe Systems, nor is the site you reference (owned by Binary Thing). The article of reference I wrote for that web site several years ago.
 
My suggestion is to contact Adobe directly. Your best bet may be Lori Defurio (though it looks like she might be doing other stuff now). I'm also an ISV, and she had been the primary evangelist for Acrobat (info here: http://blogs.adobe.com/loridefurio/about.html)
 
Additionally, you might want to visit this site: http://acroeng.adobe.com/ you'll see that this is a "test lab" and there's a specific example of two embedded (or object-tagged) PDFs here: http://acroeng.adobe.com/Test_Files/embedded/embed2.html
 
One might conclude that the above site is indeed affliated with Adobe.
 
Gordon
[/quote]

(2) On the same day that I wrote to Mr. Kent to request his help, I also visited an Adobe owned website 

[http://www.adobe.com/support/products/readerviewing.html]

to ask via that site's feedback link for clarification directly from Adobe.  I have yet to receive a response from that quarter.  

(3) Lori DeFurio's blog page does sound promising.  
[quote]
About This Blog

My name is DeFurio. I've had a few hats at Adobe: a Sales Engineer, Acrobat (and PDF) Developer Evangelist, and most recently, I'm responsible for Customer & Field Enablement in our Knowledge Worker Solutions group. I spend about 80% of my time on the road: speaking at conferences and Acrobat User Groups, hosting workshops, or just talking about how to get the most out of Acrobat (and now Breeze) with our customers.

This blog will contain notes about conferences I attend and response to feedback I hear as I travel around the world.
[/quote]

The Formbuilder related buglist announced there contains the following mention of PDF files...: 
http://blogs.adobe.com/formbuilder/2006/07/previewing_as_dynamic_pdf.html

The reporting of additional bugs is also invited, though.  

I shall try to access developer notes at adobe websites to eventually find some notice of problems with displaying multiple embedded PDF files within browser windows.  

http://blogs.adobe.com/formbuilder/buglist.html

[quote]
http://blogs.adobe.com/formbuilder/buglist.html
[/quote]

Besides the following sole reference to bugs having to do with PDF files...: 
http://blogs.adobe.com/formbuilder/2006/07/previewing_as_dynamic_pdf.html

Comment 15

[Filip Jirsák]

I can reproduce this crash (Mozilla/5.0 (Windows; U; Windows NT 5.1; cs-CZ; rv:1.8.1) Gecko/20061010 Firefox/2.0; Adobe Acrobat Plug-In Version 7.00 for Netscape)

Comment 16

[Brian Polidoro]

*** Bug 359377 has been marked as a duplicate of this bug. ***

Comment 17

[Brian Polidoro]

Good news!! The new version 8 of the Adobe Reader does not crash on either of the URLs given in this bug.