octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 02:49:00 +00:00
Code Issues Releases Wiki Activity

Merge pull request #1273 from m-holger/fuzz

Browse Source 
In QPDF::readObjectAtOffset fail early on 'expect n n obj'
This commit is contained in:
m-holger 2024-08-24 00:01:24 +01:00 committed by GitHub
commit fbba156ca2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 18 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
libqpdf/QPDF.cc
View File

@ -1727,24 +1727,28 @@ QPDF::readObjectAtOffset(
}
m->file->seek(offset, SEEK_SET);
QPDFTokenizer::Token tobjid = readToken(m->file);
QPDFTokenizer::Token tgen = readToken(m->file);
QPDFTokenizer::Token tobj = readToken(m->file);
bool objidok = tobjid.isInteger();
bool genok = tgen.isInteger();
bool objok = tobj.isWord("obj");
QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0);
QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0);
QTC::TC("qpdf", "QPDF check obj", objok ? 1 : 0);
try {
if (!(objidok && genok && objok)) {
QPDFTokenizer::Token tobjid = readToken(m->file);
bool objidok = tobjid.isInteger();
QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0);
if (!objidok) {
QTC::TC("qpdf", "QPDF expected n n obj");
throw damagedPDF(offset, "expected n n obj");
}
QPDFTokenizer::Token tgen = readToken(m->file);
bool genok = tgen.isInteger();
QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0);
if (!genok) {
throw damagedPDF(offset, "expected n n obj");
}
QPDFTokenizer::Token tobj = readToken(m->file);
bool objok = tobj.isWord("obj");
QTC::TC("qpdf", "QPDF check obj", objok ? 1 : 0);
if (!objok) {
throw damagedPDF(offset, "expected n n obj");
}
int objid = QUtil::string_to_int(tobjid.getValue().c_str());
int generation = QUtil::string_to_int(tgen.getValue().c_str());
og = QPDFObjGen(objid, generation);