octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 19:08:59 +00:00
Code Issues Releases Wiki Activity

Fix stack overflow on direct root (fuzz issue 26761)

Browse Source
This commit is contained in:
Jay Berkenbilt 2020-10-31 13:10:39 -04:00
parent ffe6af6f77
commit 6971f78ff6
3 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@ -1,5 +1,9 @@
2020-10-31 Jay Berkenbilt <ejb@ql.org> 2020-10-31 Jay Berkenbilt <ejb@ql.org>
* Don't enter extension initialization in QPDFWriter on a direct
object. Fixes stack overflow in pathological case of /Root being a
direct object (fuzz issue 26761).
* My previous fix to #449 (handling foreign streams with indirect * My previous fix to #449 (handling foreign streams with indirect
objects in /Filter and/or /DecodeParms) was incorrect and caused objects in /Filter and/or /DecodeParms) was incorrect and caused
other problems. There is a now a correct fix to the original other problems. There is a now a correct fix to the original

BIN
fuzz/qpdf_extra/26761.fuzz Normal file
View File

Binary file not shown.

3
libqpdf/QPDFWriter.cc
View File

@ -1537,7 +1537,8 @@ QPDFWriter::unparseObject(QPDFObjectHandle object, int level,
bool have_extensions_adbe = false; bool have_extensions_adbe = false;
QPDFObjectHandle extensions; QPDFObjectHandle extensions;
if (old_og == this->m->pdf.getRoot().getObjGen()) if ((old_og.getObj() != 0) &&
(old_og == this->m->pdf.getRoot().getObjGen()))
{ {
is_root = true; is_root = true;
if (object.hasKey("/Extensions") && if (object.hasKey("/Extensions") &&