Qt Contributors Summit 2022 - Program/QtPDF
- 1 Session Summary
- 2 Session Owners
- 3 Notes
- 4 QA
- 4.1 Has the security team reviewed the usage of PDF as a image format? (DOS through a crafted PDF image that kills your system through massive rasterization) ?
- 4.2 Parsing without rendering ?
- 4.3 Where are QtPDF sources ?
- 4.4 Can QtPDF be built without building the whole of WebEngine ?
- 4.5 What about image size ?
- 4.6 Any interest in the project ?
Quick overview of what has been done (a bit more since https://youtu.be/y6-Khqrrz_U), and discussion of what could be done if the community is interested in helping (annotations, XFA, ??) Future of QtPDF vs. poppler: let's emphasize that we don't necessarily want to displace poppler in the open-source world, but I wonder if there is a chance for synergy, by harmonizing APIs (QTBUG-77517). Perhaps can discuss the future of rendering if there's time (what if https://youtu.be/JTjJpXd7zNc had turned out a bit better: we could render PDF sub-elements directly in the SG).
- Shawn Rutledge
(Taken by Samuel Gaist)
- Not a monolith Qt Quick Item on purpose
- Page switching at the Image component level (Image.currentFrame new in 5.14)
- Password input is possible using a Document
- It's modular so that application can be as simple as just showing the content of a file or a more full featured application
- Architecture is model view based (several different models handling various aspects such as links, search, bookmarks, etc.)
- Android support
- XFA ? ()
- Poppler in Qt Quick with same API ?
- Too restrictive of a license
- Aleix Pol Gonzalez noted that Okular has a Qt Quick version
Has the security team reviewed the usage of PDF as a image format? (DOS through a crafted PDF image that kills your system through massive rasterization) ?
1) at least PDF was designed as a subset of PostScript to not be turing complete (no infinite loops), but yeah it could probably end up with a lot of processing
2) Image can be remote and thus bring in additional data so is another attack vector
3) Add on the TODO list of the security team
Parsing without rendering ?
- Not with the current implementation
- Qt4PDF could be an alternative but must be explored
Where are QtPDF sources ?
- in the QtWebEngine module under src/pdf
Can QtPDF be built without building the whole of WebEngine ?
- Yes, just configure with skip qtwebengine core
What about image size ?
- Can be a problem as with other image format
- There's a list of known size limits that can be used
Any interest in the project ?
- It's not GPL only unlike poppler
- Might require some API rework to make it more compatible with the other projects