From ef49291682037eebde9de28ae893f6c9361577b4 Mon Sep 17 00:00:00 2001 From: m-holger Date: Fri, 23 Aug 2024 14:09:20 +0100 Subject: [PATCH] In QPDF::readObjectAtOffset fail early on 'expect n n obj' --- libqpdf/QPDF.cc | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc index c5f8ee74..6200a192 100644 --- a/libqpdf/QPDF.cc +++ b/libqpdf/QPDF.cc @@ -1727,24 +1727,28 @@ QPDF::readObjectAtOffset( } m->file->seek(offset, SEEK_SET); - - QPDFTokenizer::Token tobjid = readToken(m->file); - QPDFTokenizer::Token tgen = readToken(m->file); - QPDFTokenizer::Token tobj = readToken(m->file); - - bool objidok = tobjid.isInteger(); - bool genok = tgen.isInteger(); - bool objok = tobj.isWord("obj"); - - QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0); - QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0); - QTC::TC("qpdf", "QPDF check obj", objok ? 1 : 0); - try { - if (!(objidok && genok && objok)) { + QPDFTokenizer::Token tobjid = readToken(m->file); + bool objidok = tobjid.isInteger(); + QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0); + if (!objidok) { QTC::TC("qpdf", "QPDF expected n n obj"); throw damagedPDF(offset, "expected n n obj"); } + QPDFTokenizer::Token tgen = readToken(m->file); + bool genok = tgen.isInteger(); + QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0); + if (!genok) { + throw damagedPDF(offset, "expected n n obj"); + } + QPDFTokenizer::Token tobj = readToken(m->file); + + bool objok = tobj.isWord("obj"); + QTC::TC("qpdf", "QPDF check obj", objok ? 1 : 0); + + if (!objok) { + throw damagedPDF(offset, "expected n n obj"); + } int objid = QUtil::string_to_int(tobjid.getValue().c_str()); int generation = QUtil::string_to_int(tgen.getValue().c_str()); og = QPDFObjGen(objid, generation);