kordoc 0.2.1 → 0.2.2

package/README.md

@@ -147,13 +147,18 @@ import type { IRBlock, IRTable, IRCell, CellContext } from "kordoc"
 
 ## Security
 
-v0.2.1 includes the following security hardening:
+v0.2.2 security hardening (cumulative since v0.2.1):
 
 - **ZIP bomb protection** — 100MB decompression limit, 500 entry cap
-- **XXE prevention** — DOCTYPE declarations stripped from HWPX XML
-- **Decompression bomb guard** — `maxOutputLength` on HWP5 zlib streams
+- **XXE/Billion Laughs prevention** — Internal DTD subsets fully stripped from HWPX XML
+- **Decompression bomb guard** — `maxOutputLength` on HWP5 zlib streams, cumulative 100MB limit across sections
+- **colSpan/rowSpan clamping** — Crafted merge values clamped to grid bounds (MAX_COLS=200, MAX_ROWS=10,000)
+- **Broken ZIP path traversal guard** — `..` and absolute path entries rejected, filename length capped
 - **MCP path restriction** — Only `.hwp`, `.hwpx`, `.pdf` extensions allowed
-- **Table memory guard** — 10,000 row cap on table builder
+- **File size limit** — 500MB max in MCP server and CLI
+- **PDF resource cleanup** — `doc.destroy()` prevents WASM memory leaks
+- **Table memory guard** — Sparse Set-based allocation in Pass 1, 10,000 row cap
+- **HWP5 section limit** — Max 100 sections to prevent infinite loop on corrupted files
 
 ## How It Works
 

package/dist/{chunk-C3XHIIJZ.js → chunk-KZMWHK72.js}

@@ -1,17 +1,20 @@
 #!/usr/bin/env node
 
 // src/detect.ts
+function magicBytes(buffer) {
+  return new Uint8Array(buffer, 0, Math.min(4, buffer.byteLength));
+}
 function isHwpxFile(buffer) {
-  const bytes = new Uint8Array(buffer.slice(0, 4));
-  return bytes[0] === 80 && bytes[1] === 75 && bytes[2] === 3 && bytes[3] === 4;
+  const b = magicBytes(buffer);
+  return b[0] === 80 && b[1] === 75 && b[2] === 3 && b[3] === 4;
 }
 function isOldHwpFile(buffer) {
-  const bytes = new Uint8Array(buffer.slice(0, 4));
-  return bytes[0] === 208 && bytes[1] === 207 && bytes[2] === 17 && bytes[3] === 224;
+  const b = magicBytes(buffer);
+  return b[0] === 208 && b[1] === 207 && b[2] === 17 && b[3] === 224;
 }
 function isPdfFile(buffer) {
-  const bytes = new Uint8Array(buffer.slice(0, 4));
-  return bytes[0] === 37 && bytes[1] === 80 && bytes[2] === 68 && bytes[3] === 70;
+  const b = magicBytes(buffer);
+  return b[0] === 37 && b[1] === 80 && b[2] === 68 && b[3] === 70;
 }
 function detectFormat(buffer) {
   if (isHwpxFile(buffer)) return "hwpx";
@@ -21,7 +24,7 @@ function detectFormat(buffer) {
 }
 
 // src/utils.ts
-var VERSION = true ? "0.2.1" : "0.0.0-dev";
+var VERSION = true ? "0.2.2" : "0.0.0-dev";
 function toArrayBuffer(buf) {
   return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength);
 }
@@ -37,22 +40,23 @@ var MAX_ROWS = 1e4;
 function buildTable(rows) {
   if (rows.length > MAX_ROWS) rows = rows.slice(0, MAX_ROWS);
   const numRows = rows.length;
-  const tempOccupied = Array.from({ length: numRows }, () => Array(MAX_COLS).fill(false));
+  const tempOccupied = /* @__PURE__ */ new Set();
   let maxCols = 0;
   for (let rowIdx = 0; rowIdx < numRows; rowIdx++) {
     let colIdx = 0;
     for (const cell of rows[rowIdx]) {
-      while (colIdx < MAX_COLS && tempOccupied[rowIdx][colIdx]) colIdx++;
+      while (colIdx < MAX_COLS && tempOccupied.has(rowIdx * MAX_COLS + colIdx)) colIdx++;
       if (colIdx >= MAX_COLS) break;
       for (let r = rowIdx; r < Math.min(rowIdx + cell.rowSpan, numRows); r++) {
         for (let c = colIdx; c < Math.min(colIdx + cell.colSpan, MAX_COLS); c++) {
-          tempOccupied[r][c] = true;
+          tempOccupied.add(r * MAX_COLS + c);
         }
       }
       colIdx += cell.colSpan;
       if (colIdx > maxCols) maxCols = colIdx;
     }
   }
+  tempOccupied.clear();
   if (maxCols === 0) return { rows: 0, cols: 0, cells: [], hasHeader: false };
   const grid = Array.from(
     { length: numRows },
@@ -162,8 +166,11 @@ function tableToMarkdown(table) {
 // src/hwpx/parser.ts
 var MAX_DECOMPRESS_SIZE = 100 * 1024 * 1024;
 var MAX_ZIP_ENTRIES = 500;
+function clampSpan(val, max) {
+  return Math.max(1, Math.min(val, max));
+}
 function stripDtd(xml) {
-  return xml.replace(/<!DOCTYPE[^>]*>/gi, "");
+  return xml.replace(/<!DOCTYPE\s[^[>]*(\[[\s\S]*?\])?\s*>/gi, "");
 }
 async function parseHwpxDocument(buffer) {
   let zip;
@@ -200,6 +207,10 @@ function extractFromBrokenZip(buffer) {
     const compSize = view.getUint32(pos + 18, true);
     const nameLen = view.getUint16(pos + 26, true);
     const extraLen = view.getUint16(pos + 28, true);
+    if (nameLen > 1024 || extraLen > 65535) {
+      pos += 30 + nameLen + extraLen;
+      continue;
+    }
     const fileStart = pos + 30 + nameLen + extraLen;
     if (fileStart + compSize > data.length) break;
     if (compSize === 0 && method !== 0) {
@@ -208,6 +219,10 @@ function extractFromBrokenZip(buffer) {
     }
     const nameBytes = data.slice(pos + 30, pos + 30 + nameLen);
     const name = new TextDecoder().decode(nameBytes);
+    if (name.includes("..") || name.startsWith("/")) {
+      pos = fileStart + compSize;
+      continue;
+    }
     const fileData = data.slice(fileStart, fileStart + compSize);
     pos = fileStart + compSize;
     if (!name.toLowerCase().includes("section") || !name.endsWith(".xml")) continue;
@@ -331,8 +346,8 @@ function walkSection(node, blocks, tableCtx, tableStack) {
         if (tableCtx?.cell) {
           const cs = parseInt(el.getAttribute("colSpan") || "1", 10);
           const rs = parseInt(el.getAttribute("rowSpan") || "1", 10);
-          if (cs > 0) tableCtx.cell.colSpan = cs;
-          if (rs > 0) tableCtx.cell.rowSpan = rs;
+          tableCtx.cell.colSpan = clampSpan(cs, MAX_COLS);
+          tableCtx.cell.rowSpan = clampSpan(rs, MAX_ROWS);
         }
         break;
       case "p": {
@@ -498,6 +513,8 @@ function extractText(data) {
 import { createRequire } from "module";
 var require2 = createRequire(import.meta.url);
 var CFB = require2("cfb");
+var MAX_SECTIONS = 100;
+var MAX_TOTAL_DECOMPRESS = 100 * 1024 * 1024;
 function parseHwp5Document(buffer) {
   const cfb = CFB.parse(buffer);
   const headerEntry = CFB.find(cfb, "/FileHeader");
@@ -510,8 +527,11 @@ function parseHwp5Document(buffer) {
   const sections = findSections(cfb);
   if (sections.length === 0) throw new Error("\uC139\uC158 \uC2A4\uD2B8\uB9BC\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4");
   const blocks = [];
+  let totalDecompressed = 0;
   for (const sectionData of sections) {
     const data = compressed ? decompressStream(Buffer.from(sectionData)) : Buffer.from(sectionData);
+    totalDecompressed += data.length;
+    if (totalDecompressed > MAX_TOTAL_DECOMPRESS) throw new Error("\uCD1D \uC555\uCD95 \uD574\uC81C \uD06C\uAE30 \uCD08\uACFC (decompression bomb \uC758\uC2EC)");
     const records = readRecords(data);
     blocks.push(...parseSection(records));
   }
@@ -519,7 +539,7 @@ function parseHwp5Document(buffer) {
 }
 function findSections(cfb) {
   const sections = [];
-  for (let i = 0; ; i++) {
+  for (let i = 0; i < MAX_SECTIONS; i++) {
     const entry = CFB.find(cfb, `/BodyText/Section${i}`);
     if (!entry?.content) break;
     sections.push({ idx: i, content: Buffer.from(entry.content) });
@@ -618,8 +638,8 @@ function parseCellBlock(records, startIdx, tableLevel) {
   if (rec.data.length >= 14) {
     const cs = rec.data.readUInt16LE(10);
     const rs = rec.data.readUInt16LE(12);
-    if (cs > 0) colSpan = cs;
-    if (rs > 0) rowSpan = rs;
+    if (cs > 0) colSpan = Math.min(cs, MAX_COLS);
+    if (rs > 0) rowSpan = Math.min(rs, MAX_ROWS);
   }
   let i = startIdx + 1;
   while (i < records.length) {
@@ -692,40 +712,45 @@ async function parsePdfDocument(buffer) {
     disableFontFace: true,
     isEvalSupported: false
   }).promise;
-  const pageCount = doc.numPages;
-  if (pageCount === 0) {
-    return { success: false, fileType: "pdf", pageCount: 0, error: "PDF\uC5D0 \uD398\uC774\uC9C0\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4." };
-  }
-  const pageTexts = [];
-  let totalChars = 0;
-  for (let i = 1; i <= pageCount; i++) {
-    const page = await doc.getPage(i);
-    const textContent = await page.getTextContent();
-    const lines = groupTextItemsByLine(textContent.items);
-    const pageText = lines.join("\n");
-    totalChars += pageText.replace(/\s/g, "").length;
-    pageTexts.push(pageText);
-  }
-  const avgCharsPerPage = totalChars / pageCount;
-  if (avgCharsPerPage < 10) {
-    return {
-      success: false,
-      fileType: "pdf",
-      pageCount,
-      isImageBased: true,
-      error: `\uC774\uBBF8\uC9C0 \uAE30\uBC18 PDF\uB85C \uCD94\uC815\uB429\uB2C8\uB2E4 (${pageCount}\uD398\uC774\uC9C0, \uCD94\uCD9C \uD14D\uC2A4\uD2B8 ${totalChars}\uC790).`
-    };
-  }
-  let markdown = "";
-  for (let i = 0; i < pageTexts.length; i++) {
-    const cleaned = cleanPdfText(pageTexts[i]);
-    if (cleaned.trim()) {
-      if (i > 0 && markdown) markdown += "\n\n";
-      markdown += cleaned;
+  try {
+    const pageCount = doc.numPages;
+    if (pageCount === 0) {
+      return { success: false, fileType: "pdf", pageCount: 0, error: "PDF\uC5D0 \uD398\uC774\uC9C0\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4." };
+    }
+    const pageTexts = [];
+    let totalChars = 0;
+    for (let i = 1; i <= pageCount; i++) {
+      const page = await doc.getPage(i);
+      const textContent = await page.getTextContent();
+      const lines = groupTextItemsByLine(textContent.items);
+      const pageText = lines.join("\n");
+      totalChars += pageText.replace(/\s/g, "").length;
+      pageTexts.push(pageText);
+    }
+    const avgCharsPerPage = totalChars / pageCount;
+    if (avgCharsPerPage < 10) {
+      return {
+        success: false,
+        fileType: "pdf",
+        pageCount,
+        isImageBased: true,
+        error: `\uC774\uBBF8\uC9C0 \uAE30\uBC18 PDF\uB85C \uCD94\uC815\uB429\uB2C8\uB2E4 (${pageCount}\uD398\uC774\uC9C0, \uCD94\uCD9C \uD14D\uC2A4\uD2B8 ${totalChars}\uC790).`
+      };
+    }
+    let markdown = "";
+    for (let i = 0; i < pageTexts.length; i++) {
+      const cleaned = cleanPdfText(pageTexts[i]);
+      if (cleaned.trim()) {
+        if (i > 0 && markdown) markdown += "\n\n";
+        markdown += cleaned;
+      }
     }
+    markdown = reconstructTables(markdown);
+    return { success: true, fileType: "pdf", markdown, pageCount, isImageBased: false };
+  } finally {
+    await doc.destroy().catch(() => {
+    });
   }
-  markdown = reconstructTables(markdown);
-  return { success: true, fileType: "pdf", markdown, pageCount, isImageBased: false };
 }
 function groupTextItemsByLine(items) {
   if (items.length === 0) return [];

package/dist/cli.js

@@ -4,10 +4,10 @@ import {
   detectFormat,
   parse,
   toArrayBuffer
-} from "./chunk-C3XHIIJZ.js";
+} from "./chunk-KZMWHK72.js";
 
 // src/cli.ts
-import { readFileSync, writeFileSync, mkdirSync } from "fs";
+import { readFileSync, writeFileSync, mkdirSync, statSync } from "fs";
 import { basename, resolve } from "path";
 import { Command } from "commander";
 var program = new Command();
@@ -16,6 +16,14 @@ program.name("kordoc").description("\uBAA8\uB450 \uD30C\uC2F1\uD574\uBC84\uB9AC\
     const absPath = resolve(filePath);
     const fileName = basename(absPath);
     try {
+      const fileSize = statSync(absPath).size;
+      if (fileSize > 500 * 1024 * 1024) {
+        process.stderr.write(`
+[kordoc] SKIP: ${fileName} \u2014 \uD30C\uC77C\uC774 \uB108\uBB34 \uD07D\uB2C8\uB2E4 (${(fileSize / 1024 / 1024).toFixed(1)}MB)
+`);
+        process.exitCode = 1;
+        continue;
+      }
       const buffer = readFileSync(absPath);
       const arrayBuffer = toArrayBuffer(buffer);
       const format = detectFormat(arrayBuffer);
@@ -40,7 +48,8 @@ program.name("kordoc").description("\uBAA8\uB450 \uD30C\uC2F1\uD574\uBC84\uB9AC\
 `);
       } else if (opts.outDir) {
         mkdirSync(opts.outDir, { recursive: true });
-        const outPath = resolve(opts.outDir, fileName.replace(/\.[^.]+$/, ".md"));
+        const outExt = opts.format === "json" ? ".json" : ".md";
+        const outPath = resolve(opts.outDir, fileName.replace(/\.[^.]+$/, outExt));
         writeFileSync(outPath, output, "utf-8");
         if (!opts.silent) process.stderr.write(`  \u2192 ${outPath}
 `);

package/dist/index.cjs

@@ -46,17 +46,20 @@ __export(index_exports, {
 module.exports = __toCommonJS(index_exports);
 
 // src/detect.ts
+function magicBytes(buffer) {
+  return new Uint8Array(buffer, 0, Math.min(4, buffer.byteLength));
+}
 function isHwpxFile(buffer) {
-  const bytes = new Uint8Array(buffer.slice(0, 4));
-  return bytes[0] === 80 && bytes[1] === 75 && bytes[2] === 3 && bytes[3] === 4;
+  const b = magicBytes(buffer);
+  return b[0] === 80 && b[1] === 75 && b[2] === 3 && b[3] === 4;
 }
 function isOldHwpFile(buffer) {
-  const bytes = new Uint8Array(buffer.slice(0, 4));
-  return bytes[0] === 208 && bytes[1] === 207 && bytes[2] === 17 && bytes[3] === 224;
+  const b = magicBytes(buffer);
+  return b[0] === 208 && b[1] === 207 && b[2] === 17 && b[3] === 224;
 }
 function isPdfFile(buffer) {
-  const bytes = new Uint8Array(buffer.slice(0, 4));
-  return bytes[0] === 37 && bytes[1] === 80 && bytes[2] === 68 && bytes[3] === 70;
+  const b = magicBytes(buffer);
+  return b[0] === 37 && b[1] === 80 && b[2] === 68 && b[3] === 70;
 }
 function detectFormat(buffer) {
   if (isHwpxFile(buffer)) return "hwpx";
@@ -76,22 +79,23 @@ var MAX_ROWS = 1e4;
 function buildTable(rows) {
   if (rows.length > MAX_ROWS) rows = rows.slice(0, MAX_ROWS);
   const numRows = rows.length;
-  const tempOccupied = Array.from({ length: numRows }, () => Array(MAX_COLS).fill(false));
+  const tempOccupied = /* @__PURE__ */ new Set();
   let maxCols = 0;
   for (let rowIdx = 0; rowIdx < numRows; rowIdx++) {
     let colIdx = 0;
     for (const cell of rows[rowIdx]) {
-      while (colIdx < MAX_COLS && tempOccupied[rowIdx][colIdx]) colIdx++;
+      while (colIdx < MAX_COLS && tempOccupied.has(rowIdx * MAX_COLS + colIdx)) colIdx++;
       if (colIdx >= MAX_COLS) break;
       for (let r = rowIdx; r < Math.min(rowIdx + cell.rowSpan, numRows); r++) {
         for (let c = colIdx; c < Math.min(colIdx + cell.colSpan, MAX_COLS); c++) {
-          tempOccupied[r][c] = true;
+          tempOccupied.add(r * MAX_COLS + c);
         }
       }
       colIdx += cell.colSpan;
       if (colIdx > maxCols) maxCols = colIdx;
     }
   }
+  tempOccupied.clear();
   if (maxCols === 0) return { rows: 0, cols: 0, cells: [], hasHeader: false };
   const grid = Array.from(
     { length: numRows },
@@ -201,8 +205,11 @@ function tableToMarkdown(table) {
 // src/hwpx/parser.ts
 var MAX_DECOMPRESS_SIZE = 100 * 1024 * 1024;
 var MAX_ZIP_ENTRIES = 500;
+function clampSpan(val, max) {
+  return Math.max(1, Math.min(val, max));
+}
 function stripDtd(xml) {
-  return xml.replace(/<!DOCTYPE[^>]*>/gi, "");
+  return xml.replace(/<!DOCTYPE\s[^[>]*(\[[\s\S]*?\])?\s*>/gi, "");
 }
 async function parseHwpxDocument(buffer) {
   let zip;
@@ -239,6 +246,10 @@ function extractFromBrokenZip(buffer) {
     const compSize = view.getUint32(pos + 18, true);
     const nameLen = view.getUint16(pos + 26, true);
     const extraLen = view.getUint16(pos + 28, true);
+    if (nameLen > 1024 || extraLen > 65535) {
+      pos += 30 + nameLen + extraLen;
+      continue;
+    }
     const fileStart = pos + 30 + nameLen + extraLen;
     if (fileStart + compSize > data.length) break;
     if (compSize === 0 && method !== 0) {
@@ -247,6 +258,10 @@ function extractFromBrokenZip(buffer) {
     }
     const nameBytes = data.slice(pos + 30, pos + 30 + nameLen);
     const name = new TextDecoder().decode(nameBytes);
+    if (name.includes("..") || name.startsWith("/")) {
+      pos = fileStart + compSize;
+      continue;
+    }
     const fileData = data.slice(fileStart, fileStart + compSize);
     pos = fileStart + compSize;
     if (!name.toLowerCase().includes("section") || !name.endsWith(".xml")) continue;
@@ -370,8 +385,8 @@ function walkSection(node, blocks, tableCtx, tableStack) {
         if (tableCtx?.cell) {
           const cs = parseInt(el.getAttribute("colSpan") || "1", 10);
           const rs = parseInt(el.getAttribute("rowSpan") || "1", 10);
-          if (cs > 0) tableCtx.cell.colSpan = cs;
-          if (rs > 0) tableCtx.cell.rowSpan = rs;
+          tableCtx.cell.colSpan = clampSpan(cs, MAX_COLS);
+          tableCtx.cell.rowSpan = clampSpan(rs, MAX_ROWS);
         }
         break;
       case "p": {
@@ -538,6 +553,8 @@ var import_module = require("module");
 var import_meta = {};
 var require2 = (0, import_module.createRequire)(import_meta.url);
 var CFB = require2("cfb");
+var MAX_SECTIONS = 100;
+var MAX_TOTAL_DECOMPRESS = 100 * 1024 * 1024;
 function parseHwp5Document(buffer) {
   const cfb = CFB.parse(buffer);
   const headerEntry = CFB.find(cfb, "/FileHeader");
@@ -550,8 +567,11 @@ function parseHwp5Document(buffer) {
   const sections = findSections(cfb);
   if (sections.length === 0) throw new Error("\uC139\uC158 \uC2A4\uD2B8\uB9BC\uC744 \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4");
   const blocks = [];
+  let totalDecompressed = 0;
   for (const sectionData of sections) {
     const data = compressed ? decompressStream(Buffer.from(sectionData)) : Buffer.from(sectionData);
+    totalDecompressed += data.length;
+    if (totalDecompressed > MAX_TOTAL_DECOMPRESS) throw new Error("\uCD1D \uC555\uCD95 \uD574\uC81C \uD06C\uAE30 \uCD08\uACFC (decompression bomb \uC758\uC2EC)");
     const records = readRecords(data);
     blocks.push(...parseSection(records));
   }
@@ -559,7 +579,7 @@ function parseHwp5Document(buffer) {
 }
 function findSections(cfb) {
   const sections = [];
-  for (let i = 0; ; i++) {
+  for (let i = 0; i < MAX_SECTIONS; i++) {
     const entry = CFB.find(cfb, `/BodyText/Section${i}`);
     if (!entry?.content) break;
     sections.push({ idx: i, content: Buffer.from(entry.content) });
@@ -658,8 +678,8 @@ function parseCellBlock(records, startIdx, tableLevel) {
   if (rec.data.length >= 14) {
     const cs = rec.data.readUInt16LE(10);
     const rs = rec.data.readUInt16LE(12);
-    if (cs > 0) colSpan = cs;
-    if (rs > 0) rowSpan = rs;
+    if (cs > 0) colSpan = Math.min(cs, MAX_COLS);
+    if (rs > 0) rowSpan = Math.min(rs, MAX_ROWS);
   }
   let i = startIdx + 1;
   while (i < records.length) {
@@ -733,40 +753,45 @@ async function parsePdfDocument(buffer) {
     disableFontFace: true,
     isEvalSupported: false
   }).promise;
-  const pageCount = doc.numPages;
-  if (pageCount === 0) {
-    return { success: false, fileType: "pdf", pageCount: 0, error: "PDF\uC5D0 \uD398\uC774\uC9C0\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4." };
-  }
-  const pageTexts = [];
-  let totalChars = 0;
-  for (let i = 1; i <= pageCount; i++) {
-    const page = await doc.getPage(i);
-    const textContent = await page.getTextContent();
-    const lines = groupTextItemsByLine(textContent.items);
-    const pageText = lines.join("\n");
-    totalChars += pageText.replace(/\s/g, "").length;
-    pageTexts.push(pageText);
-  }
-  const avgCharsPerPage = totalChars / pageCount;
-  if (avgCharsPerPage < 10) {
-    return {
-      success: false,
-      fileType: "pdf",
-      pageCount,
-      isImageBased: true,
-      error: `\uC774\uBBF8\uC9C0 \uAE30\uBC18 PDF\uB85C \uCD94\uC815\uB429\uB2C8\uB2E4 (${pageCount}\uD398\uC774\uC9C0, \uCD94\uCD9C \uD14D\uC2A4\uD2B8 ${totalChars}\uC790).`
-    };
-  }
-  let markdown = "";
-  for (let i = 0; i < pageTexts.length; i++) {
-    const cleaned = cleanPdfText(pageTexts[i]);
-    if (cleaned.trim()) {
-      if (i > 0 && markdown) markdown += "\n\n";
-      markdown += cleaned;
+  try {
+    const pageCount = doc.numPages;
+    if (pageCount === 0) {
+      return { success: false, fileType: "pdf", pageCount: 0, error: "PDF\uC5D0 \uD398\uC774\uC9C0\uAC00 \uC5C6\uC2B5\uB2C8\uB2E4." };
+    }
+    const pageTexts = [];
+    let totalChars = 0;
+    for (let i = 1; i <= pageCount; i++) {
+      const page = await doc.getPage(i);
+      const textContent = await page.getTextContent();
+      const lines = groupTextItemsByLine(textContent.items);
+      const pageText = lines.join("\n");
+      totalChars += pageText.replace(/\s/g, "").length;
+      pageTexts.push(pageText);
+    }
+    const avgCharsPerPage = totalChars / pageCount;
+    if (avgCharsPerPage < 10) {
+      return {
+        success: false,
+        fileType: "pdf",
+        pageCount,
+        isImageBased: true,
+        error: `\uC774\uBBF8\uC9C0 \uAE30\uBC18 PDF\uB85C \uCD94\uC815\uB429\uB2C8\uB2E4 (${pageCount}\uD398\uC774\uC9C0, \uCD94\uCD9C \uD14D\uC2A4\uD2B8 ${totalChars}\uC790).`
+      };
+    }
+    let markdown = "";
+    for (let i = 0; i < pageTexts.length; i++) {
+      const cleaned = cleanPdfText(pageTexts[i]);
+      if (cleaned.trim()) {
+        if (i > 0 && markdown) markdown += "\n\n";
+        markdown += cleaned;
+      }
     }
+    markdown = reconstructTables(markdown);
+    return { success: true, fileType: "pdf", markdown, pageCount, isImageBased: false };
+  } finally {
+    await doc.destroy().catch(() => {
+    });
   }
-  markdown = reconstructTables(markdown);
-  return { success: true, fileType: "pdf", markdown, pageCount, isImageBased: false };
 }
 function groupTextItemsByLine(items) {
   if (items.length === 0) return [];
@@ -842,7 +867,7 @@ function formatAsMarkdownTable(rows) {
 }
 
 // src/utils.ts
-var VERSION = true ? "0.2.1" : "0.0.0-dev";
+var VERSION = true ? "0.2.2" : "0.0.0-dev";
 
 // src/index.ts
 async function parse(buffer) {