2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 19:08:59 +00:00

Merge pull request #1273 from m-holger/fuzz

In QPDF::readObjectAtOffset fail early on 'expect n n obj'
This commit is contained in:
m-holger 2024-08-24 00:01:24 +01:00 committed by GitHub
commit fbba156ca2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

View File

@ -1727,22 +1727,26 @@ QPDF::readObjectAtOffset(
} }
m->file->seek(offset, SEEK_SET); m->file->seek(offset, SEEK_SET);
try {
QPDFTokenizer::Token tobjid = readToken(m->file); QPDFTokenizer::Token tobjid = readToken(m->file);
bool objidok = tobjid.isInteger();
QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0);
if (!objidok) {
QTC::TC("qpdf", "QPDF expected n n obj");
throw damagedPDF(offset, "expected n n obj");
}
QPDFTokenizer::Token tgen = readToken(m->file); QPDFTokenizer::Token tgen = readToken(m->file);
bool genok = tgen.isInteger();
QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0);
if (!genok) {
throw damagedPDF(offset, "expected n n obj");
}
QPDFTokenizer::Token tobj = readToken(m->file); QPDFTokenizer::Token tobj = readToken(m->file);
bool objidok = tobjid.isInteger();
bool genok = tgen.isInteger();
bool objok = tobj.isWord("obj"); bool objok = tobj.isWord("obj");
QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0);
QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0);
QTC::TC("qpdf", "QPDF check obj", objok ? 1 : 0); QTC::TC("qpdf", "QPDF check obj", objok ? 1 : 0);
try { if (!objok) {
if (!(objidok && genok && objok)) {
QTC::TC("qpdf", "QPDF expected n n obj");
throw damagedPDF(offset, "expected n n obj"); throw damagedPDF(offset, "expected n n obj");
} }
int objid = QUtil::string_to_int(tobjid.getValue().c_str()); int objid = QUtil::string_to_int(tobjid.getValue().c_str());