Handle bitstream overflow errors more gracefully (fixes #581)

* Make it a runtime error, not a logic error * Include additional information * Capture it properly in checkLinearization
2021-12-10 15:14:26 -05:00 · 2021-12-10 15:14:26 -05:00 · af2a71aa2c
parent 1c62c2a342
commit af2a71aa2c
8 changed files with 17 additions and 9 deletions
--- a/2
+++ b/2
@ -1,5 +1,7 @@
 2021-12-10  Jay Berkenbilt  <ejb@ql.org>

+	* Handle bitstream overflow errors more gracefully. Fixes #581.
+
 	* C API: add qpdf_get_object_by_id, qpdf_make_indirect_object, and
 	qpdf_replace_object, exposing the corresponding methods in QPDF
 	and QPDFObjectHandle. Fixes #588.
--- a/libqpdf/QPDF_linearization.cc
+++ b/libqpdf/QPDF_linearization.cc
@ -71,9 +71,11 @@ QPDF::checkLinearization()
 	readLinearizationData();
 	result = checkLinearizationInternal();
    }
-    catch (QPDFExc& e)
+    catch (std::runtime_error& e)
    {
-	*this->m->err_stream << e.what() << std::endl;
+	*this->m->err_stream
+            << "WARNING: error encountered while checking linearization data: "
+            << e.what() << std::endl;
    }
    return result;
 }
--- a/libqpdf/bits.icc
+++ b/libqpdf/bits.icc
@ -6,6 +6,7 @@
 #include <stdexcept>
 #include <qpdf/QTC.hh>
 #include <qpdf/Pipeline.hh>
+#include <qpdf/QUtil.hh>

 // These functions may be run at places where the function call
 // overhead from test coverage testing would be too high.  Therefore,
@ -28,7 +29,10 @@ read_bits(unsigned char const*& p, size_t& bit_offset,

    if (bits_wanted > bits_available)
    {
-	throw std::length_error("overflow reading bit stream");
+	throw std::runtime_error(
+            "overflow reading bit stream: wanted = " +
+            QUtil::uint_to_string(bits_wanted) + "; available = " +
+            QUtil::uint_to_string(bits_available));
    }
    if (bits_wanted > 32)
    {
--- a/libtests/qtest/bits/bits.out
+++ b/libtests/qtest/bits/bits.out
@ -17,7 +17,7 @@ bits read: 0, result = 0
 byte offset = 4, bit offset = 3, bits available = 28
 bits read: 25, result = 5320361
 byte offset = 7, bit offset = 2, bits available = 3
-exception: overflow reading bit stream
+exception: overflow reading bit stream: wanted = 4; available = 3
 byte offset = 7, bit offset = 2, bits available = 3
 bits read: 3, result = 3
 byte offset = 8, bit offset = 7, bits available = 0
--- a/qpdf/qtest/qpdf.test
+++ b/qpdf/qtest/qpdf.test
@ -1788,12 +1788,12 @@ $td->runtest("bounds check linearization data 2",
             {$td->FILE => "linearization-bounds-2.out",
              $td->EXIT_STATUS => 3},
             $td->NORMALIZE_NEWLINES);
-# Throws logic error, not bad_alloc
+# Throws runtime error, not bad_alloc
 $td->runtest("sanity check array size",
             {$td->COMMAND =>
                  "qpdf --check linearization-large-vector-alloc.pdf"},
             {$td->FILE => "linearization-large-vector-alloc.out",
-              $td->EXIT_STATUS => 2},
+              $td->EXIT_STATUS => 3},
             $td->NORMALIZE_NEWLINES);

 show_ntests();
--- a/qpdf/qtest/qpdf/linearization-bounds-1.out
+++ b/qpdf/qtest/qpdf/linearization-bounds-1.out
@ -5,4 +5,4 @@ File is linearized
 WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 12302): expected endstream
 WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length
 WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106
-linearization-bounds-1.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds
+WARNING: error encountered while checking linearization data: linearization-bounds-1.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds
--- a/qpdf/qtest/qpdf/linearization-bounds-2.out
+++ b/qpdf/qtest/qpdf/linearization-bounds-2.out
@ -5,4 +5,4 @@ File is linearized
 WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1282): expected endstream
 WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length
 WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106
-linearization-bounds-2.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds
+WARNING: error encountered while checking linearization data: linearization-bounds-2.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds
--- a/qpdf/qtest/qpdf/linearization-large-vector-alloc.out
+++ b/qpdf/qtest/qpdf/linearization-large-vector-alloc.out
@ -5,4 +5,4 @@ File is linearized
 WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1282): expected endstream
 WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length
 WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106
-ERROR: overflow reading bit stream
+WARNING: error encountered while checking linearization data: overflow reading bit stream: wanted = 12556; available = 968