mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Merge pull request #1273 from m-holger/fuzz
In QPDF::readObjectAtOffset fail early on 'expect n n obj'
This commit is contained in:
commit
fbba156ca2
@ -1727,22 +1727,26 @@ QPDF::readObjectAtOffset(
|
||||
}
|
||||
|
||||
m->file->seek(offset, SEEK_SET);
|
||||
|
||||
try {
|
||||
QPDFTokenizer::Token tobjid = readToken(m->file);
|
||||
bool objidok = tobjid.isInteger();
|
||||
QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0);
|
||||
if (!objidok) {
|
||||
QTC::TC("qpdf", "QPDF expected n n obj");
|
||||
throw damagedPDF(offset, "expected n n obj");
|
||||
}
|
||||
QPDFTokenizer::Token tgen = readToken(m->file);
|
||||
bool genok = tgen.isInteger();
|
||||
QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0);
|
||||
if (!genok) {
|
||||
throw damagedPDF(offset, "expected n n obj");
|
||||
}
|
||||
QPDFTokenizer::Token tobj = readToken(m->file);
|
||||
|
||||
bool objidok = tobjid.isInteger();
|
||||
bool genok = tgen.isInteger();
|
||||
bool objok = tobj.isWord("obj");
|
||||
|
||||
QTC::TC("qpdf", "QPDF check objid", objidok ? 1 : 0);
|
||||
QTC::TC("qpdf", "QPDF check generation", genok ? 1 : 0);
|
||||
QTC::TC("qpdf", "QPDF check obj", objok ? 1 : 0);
|
||||
|
||||
try {
|
||||
if (!(objidok && genok && objok)) {
|
||||
QTC::TC("qpdf", "QPDF expected n n obj");
|
||||
if (!objok) {
|
||||
throw damagedPDF(offset, "expected n n obj");
|
||||
}
|
||||
int objid = QUtil::string_to_int(tobjid.getValue().c_str());
|
||||
|
Loading…
Reference in New Issue
Block a user