From 12db09898e70fcdc308cf500a95fb166e696b6dc Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Wed, 26 Jul 2017 05:35:34 -0400
Subject: [PATCH] Don't interpret word tokens in content streams (fixes #82)

---
 ChangeLog                   |  3 +++
 libqpdf/QPDFObjectHandle.cc | 10 +++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 649e5aac..613a0eaf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2017-07-26  Jay Berkenbilt  <ejb@ql.org>
 
+	* Don't attempt to interpret syntactic keywords (like R and
+	endobj) found while parsing content streams.
+
 	* Detect infinite loops while resolving objects. This could happen
 	if something inside an object that had to be resolved during
 	parsing, such as a stream length, recursively referenced the
diff --git a/libqpdf/QPDFObjectHandle.cc b/libqpdf/QPDFObjectHandle.cc
index cd3084cb..fcf9b976 100644
--- a/libqpdf/QPDFObjectHandle.cc
+++ b/libqpdf/QPDFObjectHandle.cc
@@ -964,7 +964,11 @@ QPDFObjectHandle::parseInternal(PointerHolder<InputSource> input,
 	  case QPDFTokenizer::tt_word:
 	    {
 		std::string const& value = token.getValue();
-		if ((value == "R") && (in_array || in_dictionary) &&
+                if (content_stream)
+                {
+                    object = QPDFObjectHandle::newOperator(value);
+                }
+		else if ((value == "R") && (in_array || in_dictionary) &&
 		    (olist.size() >= 2) &&
                     (! olist.at(olist.size() - 1).isIndirect()) &&
 		    (olist.at(olist.size() - 1).isInteger()) &&
@@ -996,10 +1000,6 @@ QPDFObjectHandle::parseInternal(PointerHolder<InputSource> input,
 		    input->seek(input->getLastOffset(), SEEK_SET);
                     empty = true;
 		}
-		else if (content_stream)
-                {
-                    object = QPDFObjectHandle::newOperator(token.getValue());
-                }
 		else
 		{
 		    throw QPDFExc(qpdf_e_damaged_pdf, input->getName(),