Repairs the construction of CMap objects so that the mapping order … #47
Conversation
…esn’t reflect the character order of the text
|
Is this a backport of a Qt 5 commit? Would appreciate linking to it if so. |
Hi ashkulz. This is not a backport of a Qt 5 commit. I was recently scheduled to participate in a project to study a method for removing sensitive information in PDF documents generated by a given system. I became aware of the Australian article, I confirmed the problem in the system and then found out that the system uses wkhtmltopdf to convert HTML to PDF. So, I started studying wkhtmltopdf to find the code point that generated the CMap object. When I found out it was in Qt, I had difficulties in compiling it. I saw that wkhtmltopdf uses Qt 4.8.7, but there was not much support in the Qt forum to compile this version, nor to compile wkhtmltopdf (example: https://forum.qt.io/topic/39317/problem-compiling-wkhtmltopdf-qt/7). My main goal was not Qt, but wkhtmltopdf. So, I thought that the Qt community wouldn't help me much, and I kept my focus on the wk_4.8.7 branch. Now that I can compile a version of wkhtmltopdf that works for me, I will contact the Qt community to report the problem and suggest a fix. Anyway, I believe that there are users of wkhtmltopdf interested in this correction now, in view of the GDPR and other similar regulatory frameworks in other countries. |
|
In time, it is not a solution that eliminates risk, it just decreases the probability. If there is a sequence "a, b, c", this representation can occur in CMap (even reordered). In addition, I said reordering per page created, but the code does a reordering by calling the drawTextItem function. I sent a message to development@qt-project.org. I'm considering inserting the question at https://bugreports.qt.io/secure/Dashboard.jspa. If I have any positioning from Qt developers, I'll let you know here. I believe that if I try to commit officially in the Qt project, they will request a complete correction, that is: the complete reordering of the CMap object. The solution would become much more complex in this case. I don't have time to work on this at the moment due to my job and college. But if I have time in the future, and the question is still open, I will go deeper into the solution. I have no history and experience of contribution to the open source community, but I would like to have it. I am organizing myself for this. It is worth mentioning that I have no practical experience in team development, being a junior in the field. Therefore, failures can occur with respect to good practices that must be observed. |
…doesn’t reflect the character order of the text. This is a vulnerability reported on this link: https://www.cyber.gov.au/publications/redaction-functionality-in-adobe-acrobat-pro
The change applied to the code inserts a reordering of the CMap object values, in ascending order, for each page created.