mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 10:58:58 +00:00

Handle bitstream overflow errors more gracefully (fixes #581)

* Make it a runtime error, not a logic error
* Include additional information
* Capture it properly in checkLinearization
Jay Berkenbilt 2021-12-10 15:14:26 -05:00
parent 1c62c2a342
commit af2a71aa2c
8 changed files with 17 additions and 9 deletions


@ -1,5 +1,7 @@
2021-12-10 Jay Berkenbilt <ejb@ql.org> 2021-12-10 Jay Berkenbilt <ejb@ql.org>
* Handle bitstream overflow errors more gracefully. Fixes #581.
* C API: add qpdf_get_object_by_id, qpdf_make_indirect_object, and * C API: add qpdf_get_object_by_id, qpdf_make_indirect_object, and
qpdf_replace_object, exposing the corresponding methods in QPDF qpdf_replace_object, exposing the corresponding methods in QPDF
and QPDFObjectHandle. Fixes #588. and QPDFObjectHandle. Fixes #588.


@ -71,9 +71,11 @@ QPDF::checkLinearization()
readLinearizationData(); readLinearizationData();
result = checkLinearizationInternal(); result = checkLinearizationInternal();
} }
catch (QPDFExc& e) catch (std::runtime_error& e)
{ {
*this->m->err_stream << e.what() << std::endl; *this->m->err_stream
<< "WARNING: error encountered while checking linearization data: "
<< e.what() << std::endl;
} }
return result; return result;
} }
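Review bot: Exceptions derived from std::logic_error still pass through the widened handler `catch (std::runtime_error& e)` in checkLinearization(), so a malformed hint table that triggers std::length_error or std::out_of_range (for example while sizing a container from a file-supplied count) would leave this function instead of being reported as a warning. readLinearizationData() and checkLinearizationInternal() are not visible here, so whether such a path remains needs confirming against them. The handler only calls `e.what()`, so it can bind by const reference: `catch (std::runtime_error const& e)`. A comment above it such as `// malformed linearization data is reported as std::runtime_error (QPDFExc included)` would record why the type was widened. The start of the function, including how `result` is initialised, lies outside the hunk.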


@ -6,6 +6,7 @@
#include <stdexcept> #include <stdexcept>
#include <qpdf/QTC.hh> #include <qpdf/QTC.hh>
#include <qpdf/Pipeline.hh> #include <qpdf/Pipeline.hh>
#include <qpdf/QUtil.hh>
// These functions may be run at places where the function call // These functions may be run at places where the function call
// overhead from test coverage testing would be too high. Therefore, // overhead from test coverage testing would be too high. Therefore,
@ -28,7 +29,10 @@ read_bits(unsigned char const*& p, size_t& bit_offset,
if (bits_wanted > bits_available) if (bits_wanted > bits_available)
{ {
throw std::length_error("overflow reading bit stream"); throw std::runtime_error(
"overflow reading bit stream: wanted = " +
QUtil::uint_to_string(bits_wanted) + "; available = " +
QUtil::uint_to_string(bits_available));
} }
if (bits_wanted > 32) if (bits_wanted > 32)
{ {
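Review bot: The throw in read_bits changes type from std::length_error (a std::logic_error) to std::runtime_error, and nothing at the throw site records that this is now part of the function's contract. Any caller that handled std::length_error or std::logic_error for this condition will no longer catch it, so the other users of this include file are worth checking for handlers on the old type. I would add a comment above the throw, e.g. `// Reached with truncated or malformed input, so this is a runtime_error, not a logic_error.` Only the two numeric values formatted by QUtil::uint_to_string are added to the message, which keeps the diagnostic free of raw file content. read_bits continues past the end of the hunk.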


@ -17,7 +17,7 @@ bits read: 0, result = 0
byte offset = 4, bit offset = 3, bits available = 28 byte offset = 4, bit offset = 3, bits available = 28
bits read: 25, result = 5320361 bits read: 25, result = 5320361
byte offset = 7, bit offset = 2, bits available = 3 byte offset = 7, bit offset = 2, bits available = 3
exception: overflow reading bit stream exception: overflow reading bit stream: wanted = 4; available = 3
byte offset = 7, bit offset = 2, bits available = 3 byte offset = 7, bit offset = 2, bits available = 3
bits read: 3, result = 3 bits read: 3, result = 3
byte offset = 8, bit offset = 7, bits available = 0 byte offset = 8, bit offset = 7, bits available = 0


@ -1788,12 +1788,12 @@ $td->runtest("bounds check linearization data 2",
{$td->FILE => "linearization-bounds-2.out", {$td->FILE => "linearization-bounds-2.out",
$td->EXIT_STATUS => 3}, $td->EXIT_STATUS => 3},
$td->NORMALIZE_NEWLINES); $td->NORMALIZE_NEWLINES);
# Throws logic error, not bad_alloc # Throws runtime error, not bad_alloc
$td->runtest("sanity check array size", $td->runtest("sanity check array size",
{$td->COMMAND => {$td->COMMAND =>
"qpdf --check linearization-large-vector-alloc.pdf"}, "qpdf --check linearization-large-vector-alloc.pdf"},
{$td->FILE => "linearization-large-vector-alloc.out", {$td->FILE => "linearization-large-vector-alloc.out",
$td->EXIT_STATUS => 2}, $td->EXIT_STATUS => 3},
$td->NORMALIZE_NEWLINES); $td->NORMALIZE_NEWLINES);
show_ntests(); show_ntests();


@ -5,4 +5,4 @@ File is linearized
WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 12302): expected endstream WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 12302): expected endstream
WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length
WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106 WARNING: linearization-bounds-1.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106
linearization-bounds-1.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds WARNING: error encountered while checking linearization data: linearization-bounds-1.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds


@ -5,4 +5,4 @@ File is linearized
WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1282): expected endstream WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1282): expected endstream
WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length
WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106 WARNING: linearization-bounds-2.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106
linearization-bounds-2.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds WARNING: error encountered while checking linearization data: linearization-bounds-2.pdf (linearization hint table, offset 1183): /S (shared object) offset is out of bounds


@ -5,4 +5,4 @@ File is linearized
WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1282): expected endstream WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1282): expected endstream
WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1183): attempting to recover stream length
WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106 WARNING: linearization-large-vector-alloc.pdf (linearization hint stream: object 62 0, offset 1183): recovered stream length: 106
ERROR: overflow reading bit stream WARNING: error encountered while checking linearization data: overflow reading bit stream: wanted = 12556; available = 968