Fix stack overflow on direct root (fuzz issue 26761)

2020-10-31 13:10:39 -04:00 · 2020-10-31 13:10:39 -04:00 · 6971f78ff6
parent ffe6af6f77
commit 6971f78ff6
3 changed files with 6 additions and 1 deletions
--- a/4
+++ b/4
@ -1,5 +1,9 @@
 2020-10-31  Jay Berkenbilt  <ejb@ql.org>

+	* Don't enter extension initialization in QPDFWriter on a direct
+	object. Fixes stack overflow in pathological case of /Root being a
+	direct object (fuzz issue 26761).
+
 	* My previous fix to #449 (handling foreign streams with indirect
 	objects in /Filter and/or /DecodeParms) was incorrect and caused
 	other problems. There is a now a correct fix to the original
--- a/fuzz/qpdf_extra/26761.fuzz
+++ b/fuzz/qpdf_extra/26761.fuzz
--- a/libqpdf/QPDFWriter.cc
+++ b/libqpdf/QPDFWriter.cc
@ -1537,7 +1537,8 @@ QPDFWriter::unparseObject(QPDFObjectHandle object, int level,
        bool have_extensions_adbe = false;

        QPDFObjectHandle extensions;
-        if (old_og == this->m->pdf.getRoot().getObjGen())
+        if ((old_og.getObj() != 0) &&
+            (old_og == this->m->pdf.getRoot().getObjGen()))
        {
            is_root = true;
            if (object.hasKey("/Extensions") &&