2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-23 11:28:56 +00:00
Commit Graph

300 Commits

Author SHA1 Message Date
Jay Berkenbilt
5e3bad2f86 Refactor random data generation
Add new RandomDataProvider object and implement existing random number
generation in terms of that.  This enables end users to supply their
own random data providers.
2013-12-14 15:17:35 -05:00
Jay Berkenbilt
e9a319fb95 Allow arbitrary whitespace, not just newline, after xref
Fixes #27.
2013-12-14 15:17:23 -05:00
Jay Berkenbilt
7393a03868 Update lastOffset when reading 2013-12-14 15:17:07 -05:00
Jay Berkenbilt
478c05fcab Allow -DNO_GET_ENVIRONMENT to avoid GetEnvironmentVariable
If NO_GET_ENVIRONMENT is #defined at compile time on Windows, do not
call GetEnvironmentVariable.  QUtil::get_env will always return
false.  This option is not available through configure.  This was
added to support a specific user's requirements to avoid calling
GetEnvironmentVariable from the Windows API.  Nothing in qpdf outside
the test coverage system in qtest relies on QUtil::get_env.
2013-11-30 15:58:32 -05:00
Jay Berkenbilt
dc9df97466 Include <algorithm> for std::min, std::max 2013-11-29 10:48:16 -05:00
Jay Berkenbilt
e1bd72b46c Prepare for 5.0.1 release 2013-10-18 13:51:30 -04:00
Jay Berkenbilt
a237e92445 Warn when -accessibility=n will be ignored
Also accept -accessibility=n with 256 bit keys even though it will be
ignored.
2013-10-18 10:45:15 -04:00
Jay Berkenbilt
ac9c1f0d56 Security: replace operator[] with at
For std::string and std::vector, replace operator[] with at.  This was
done using an automated process.  See README.hardening for details.
2013-10-18 10:45:14 -04:00
Jay Berkenbilt
4229457068 Security: use a secure random number generator
If not available, give an error.  The user may also configure qpdf to
use an insecure random number generator.
2013-10-18 10:45:12 -04:00
Jay Berkenbilt
e19eb579b2 Replace some assertions with std::logic_error
Ideally, the library should never call assert outside of test code,
but it does in several places.  For some cases where the assertion
might conceivably fail because of a problem with the input data,
replace assertions with exceptions so that they can be trapped by the
calling application.  This commit surely misses some cases and
replaced some cases unnecessarily, but it should still be an
improvement.
2013-10-09 20:57:14 -04:00
Jay Berkenbilt
0bfe902489 Security: avoid pre-allocating vectors based on file data
In places where std::vector<T>(size_t) was used, either validate that
the size parameter is sane or refactor code to avoid the need to
pre-allocate the vector.
2013-10-09 20:57:14 -04:00
Jay Berkenbilt
10bceb552f Security: sanitize /W in xref stream
The /W array was not sanitized, possibly causing an integer overflow
in a multiplication. An analysis of the code suggests that there were
no possible exploits based on this since the problems were in checking
expected values but bounds checks were performed on actual values.
2013-10-09 20:57:07 -04:00
Jay Berkenbilt
3eb4b066ab Security: better bounds checks for linearization data
The faulty code was only used during explicit checks of linearization
data.  Those checks are not part of normal reading or writing of PDF
files.
2013-10-09 19:50:09 -04:00
Jay Berkenbilt
b097d7a81b Security: handle empty name in normalizeName 2013-10-09 19:50:09 -04:00
Jay Berkenbilt
eb1b1264b4 Security: fix potential multiplication overflow
Better sanity check inputs to bit stream reader
2013-10-09 19:50:09 -04:00
Jay Berkenbilt
c2e91d8ec3 Security: keep cur_byte pointing into bytes array 2013-10-09 19:50:07 -04:00
Jay Berkenbilt
66e63b8667 Prepare 5.0.0 release 2013-07-10 12:29:13 -04:00
Jay Berkenbilt
cee2592ed1 Change API/ABI and withdraw 4.2.0
4.2.0 was binary incompatible in spite of there being no deletions or
changes to any public methods.  As such, we have to bump the ABI and
are fixing some API breakage while we're at it.

Previous 4.3.0 target is now 5.1.0.
2013-07-10 11:30:13 -04:00
Jay Berkenbilt
f31e526d67 Prepare 4.2.0 release 2013-07-07 19:43:16 -04:00
Jay Berkenbilt
b84f57e56d Ignore broken DecodeParms for stream with no filters 2013-07-07 19:43:16 -04:00
Jay Berkenbilt
88bacb6449 Fix QPDFObjGen constructor implementation 2013-07-07 19:43:01 -04:00
Jay Berkenbilt
212812d837 Fix errors reported by Coverity
Thanks to Jiri Popelka from Red Hat for sending the output of a
Coverity run over qpdf.
2013-07-07 15:36:51 -04:00
Jay Berkenbilt
a85007cb0d Handle more broken files
Space rather than newline after xref, missing /ID in trailer for
encrypted file.  This enables qpdf to handle some files that xpdf can
handle.  Adobe reader can't necessarily handle them.
2013-06-15 12:40:01 -04:00
Jay Berkenbilt
16051788ed Handle /Outlines dictionary being a direct object
Even though this case is not valid according to the spec, it has been
seen, and caused an internal error.
2013-06-14 21:36:04 -04:00
Jay Berkenbilt
eae8370cd9 Add optional /Length key in crypt filter dictionary 2013-06-14 20:42:39 -04:00
Jay Berkenbilt
a3576a7359 Bug fix: handle generation > 0 when generating object streams
Rework QPDFWriter to always track old object IDs and QPDFObjGen
instead of int, thus not discarding the generation number.  Switch to
QPDF::getCompressibleObjGen() to properly handle the case of an old
object eligible for compression that has a generation of other than
zero.
2013-06-14 14:58:09 -04:00
Jay Berkenbilt
96eb965115 Use QPDFObjectHandle::getObjGen() where appropriate
In internal code and examples, replace calls to getObjectID() and
getGeneration() with calls to getObjGen() where possible.
2013-06-14 14:58:09 -04:00
Jay Berkenbilt
5039da0b91 Add QPDFObjectHandle::getObjGen()
This is safer than getObjectID() and getGeneration() for many uses.
2013-06-14 14:58:09 -04:00
Jay Berkenbilt
d88231e01e Promote QPDF::ObjGen to top-level object QPDFObjGen 2013-06-14 14:58:08 -04:00
Jay Berkenbilt
690d6031db Remove duplicated comment 2013-06-08 18:58:31 -04:00
Jay Berkenbilt
f02c5f5e12 Final preparation for 4.1.0 release 2013-04-14 15:03:51 -04:00
Jay Berkenbilt
403bb68d33 Run spelling checker 2013-04-14 14:36:25 -04:00
Jay Berkenbilt
2d02b3cc3d Add explicit int to double cast 2013-04-04 14:13:31 -04:00
Jay Berkenbilt
8e636ea680 Protect gcc diagnostic pragmas with gcc version
Versions prior to 4.6 didn't allow gcc diagnostic pragmas with push
and pop and to appear anywhere in the file.  Just let the warning be
there for those versions.
2013-03-27 17:36:28 -04:00
Jay Berkenbilt
29f5830325 Fix getTypeCode and getTypeName work for indirect objects
Remove const qualifier from getTypeCode and get getTypeName methods of
QPDFObjectHandle, make them work properly for indirect objects, and
exercise them much better in the test suite.
2013-03-05 13:35:46 -05:00
Jay Berkenbilt
119f2a4b68 Add method to terminate content stream parsing 2013-03-05 13:35:46 -05:00
Jay Berkenbilt
fd64959398 Favor strerror_s and fopen_s on MSVC
Make remaining calls to fopen and strerror use strerror_s and fopen_s
on MSVC.
2013-03-05 13:35:46 -05:00
Jay Berkenbilt
ac4deac187 Call QUtil::safe_fopen in place of fopen
fopen was previuosly called wrapped by QUtil::fopen_wrapper, but
QUtil::safe_fopen does this itself, which is less cumbersome.
2013-03-05 13:35:46 -05:00
Jay Berkenbilt
7ccc9bd9d5 Remove all calls to strcpy 2013-03-05 13:35:46 -05:00
Jay Berkenbilt
a51ae10b8d Remove all calls to sprintf 2013-03-05 13:35:46 -05:00
Jay Berkenbilt
66c3c8fdf7 Use portable versions of some UNIX-specific calls
Remove needless calls to open, close, and fileno; call remove instead
of unlink.
2013-03-05 13:35:46 -05:00
Jay Berkenbilt
6b9297882e Mark secure CRT warnings with comment
Put a specific comment marker next to every piece of code that MSVC
gives warning 4996 for.  This warning is generated for calls to
functions that Microsoft considers insecure or deprecated.  This
change is in preparation for fixing all these cases even though none
of them are actually incorrect or insecure as used in qpdf.  The
comment marker makes them easier to find so they can be fixed in
subsequent commits.
2013-03-05 13:33:32 -05:00
Jay Berkenbilt
8be8277613 Rewrite QUtil::int_to_string and QUtil::double_to_string
Make them safer by avoiding any internal limits and replacing sprintf
with std::ostringstream.
2013-03-04 16:45:16 -05:00
Jay Berkenbilt
ed19516aa7 Fix unused local variable warnings 2013-03-04 16:45:16 -05:00
Jay Berkenbilt
30027481f7 Remove all old-style casts from C++ code 2013-03-04 16:45:16 -05:00
Jay Berkenbilt
32b62035ce Replace many calls to sprintf with QUtil::hex_encode
Add QUtil::hex_encode to encode binary data has a hexadecimal string,
and use it in place of sprintf where possible.
2013-03-04 16:45:15 -05:00
Jay Berkenbilt
6c7bf114dc Bug fix: properly handle overridden compressed objects
When caching objects in an object stream, only cache objects that
still resolve to that stream.  See Changelog mod from this commit for
details.
2013-02-23 17:51:17 -05:00
Jay Berkenbilt
a5d8783f67 Improve qpdf --check
Fix exit status for case of errors without warnings, continue after
errors when possible, add test case for parsing a file with content
stream errors on some but not all pages.
2013-01-25 11:08:50 -05:00
Jay Berkenbilt
bfda717749 Cosmetic changes to be closer to Adobe terminology
Change object type Keyword to Operator, and place the order of the
object types in object_type_e in the same order as they are mentioned
in the PDF specification.

Note that this change only breaks backward compatibility with code
that has not yet been released.
2013-01-23 09:38:05 -05:00
Jay Berkenbilt
913eb5ac35 Add getTypeCode() and getTypeName()
Add virtual methods to QPDFObject, wrappers to QPDFObjectHandle, and
implementations to all the QPDF_Object types.
2013-01-22 10:01:45 -05:00