Skip to content

Commit 85f05cc

Browse files
committed
Detect xref pointer infinite loop (fixes #149)
1 parent 2d0c687 commit 85f05cc

File tree

5 files changed

+14
-0
lines changed

5 files changed

+14
-0
lines changed

Diff for: ChangeLog

+5
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
2017-08-25 Jay Berkenbilt <ejb@ql.org>
2+
3+
* Detect infinite loop while finding additional xref tables. Fixes
4+
#149.
5+
16
2017-08-22 Jay Berkenbilt <ejb@ql.org>
27

38
* 7.0.b1: release

Diff for: libqpdf/QPDF.cc

+6
Original file line numberDiff line numberDiff line change
@@ -491,8 +491,10 @@ void
491491
QPDF::read_xref(qpdf_offset_t xref_offset)
492492
{
493493
std::map<int, int> free_table;
494+
std::set<qpdf_offset_t> visited;
494495
while (xref_offset)
495496
{
497+
visited.insert(xref_offset);
496498
char buf[7];
497499
memset(buf, 0, sizeof(buf));
498500
this->m->file->seek(xref_offset, SEEK_SET);
@@ -520,6 +522,10 @@ QPDF::read_xref(qpdf_offset_t xref_offset)
520522
{
521523
xref_offset = read_xrefStream(xref_offset);
522524
}
525+
if (visited.count(xref_offset) != 0)
526+
{
527+
xref_offset = 0;
528+
}
523529
}
524530

525531
if (! this->m->trailer.isInitialized())

Diff for: qpdf/qtest/qpdf.test

+1
Original file line numberDiff line numberDiff line change
@@ -221,6 +221,7 @@ my @bug_tests = (
221221
["141a", "/W entry size 0", 2],
222222
["141b", "/W entry size 0", 2],
223223
["143", "self-referential ostream", 3],
224+
["149", "xref prev pointer loop", 3],
224225
);
225226
$n_tests += scalar(@bug_tests);
226227
foreach my $d (@bug_tests)

Diff for: qpdf/qtest/qpdf/issue-149.out

+2
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
WARNING: issue-149.pdf: reported number of objects (11) inconsistent with actual number of objects (7)
2+
qpdf: operation succeeded with warnings; resulting file may have some problems

Diff for: qpdf/qtest/qpdf/issue-149.pdf

1.65 KB
Binary file not shown.

0 commit comments

Comments
 (0)