From 1b6a504d424d3a153b97e8da12492eb597635671 Mon Sep 17 00:00:00 2001
From: m-holger <m.holger@qpdf.org>
Date: Sat, 28 Sep 2024 00:25:31 +0100
Subject: [PATCH] Add sanity check for xref stream /Size entry

---
 libqpdf/QPDF.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
index 5a38ec94..ce5038e3 100644
--- a/libqpdf/QPDF.cc
+++ b/libqpdf/QPDF.cc
@@ -1295,6 +1295,9 @@ QPDF::Xref_table::process_stream(qpdf_offset_t xref_offset, QPDFObjectHandle& xr
 
     if (!trailer_) {
         trailer_ = dict;
+        if (size > toS(max_id_)) {
+            throw damaged("Cross-reference stream /Size entry is impossibly large");
+        }
         table.resize(size);
     }