2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-23 11:28:56 +00:00
Commit Graph

459 Commits

Author SHA1 Message Date
Jay Berkenbilt
2394acf7a6 Remove explicit direct object check from getObject
An indirect object reference to 0, 0 is invalid. If it appears in the
file or is parsed from a string, the parser catches it. This check
would only be useful for someone explicitly calling getObject with 0,
0, and that would trigger an error during resolve().
2022-09-13 11:21:29 -04:00
Jay Berkenbilt
a0b1a18172 Remove redundant function calls 2022-09-13 11:20:28 -04:00
Jay Berkenbilt
31b2cfbb79 Fix up a few comments 2022-09-13 11:18:49 -04:00
Jay Berkenbilt
0ad4e190ff Make QPDFLogger() private and provide create method 2022-09-09 07:03:29 -04:00
Jay Berkenbilt
18a583e8d9 Rename QPDFValueProxy back to QPDFObject
QPDFValueProxy wasn't a good name for it. We decided the evil of
having the header file be named QPDFObject_private.hh was less than
the evil of having the class be named something other than what it
should have been named.
2022-09-08 11:29:23 -04:00
Jay Berkenbilt
25ccc7eae4 Rename QPDFValueProxy.hh and QPDFValueProxy.cc
Preparing to change the class name back to QPDFObject
2022-09-08 11:19:49 -04:00
Jay Berkenbilt
c7a4967d10 Change reset to disconnect and clarify comments
I decided that it's actually fine to copy a direct object to another
QPDF. Even if we eventually prevent a QPDFObject from having multiple
parents, this could happen if an object is moved.
2022-09-08 11:06:15 -04:00
Jay Berkenbilt
dba61da1bf Create a special "destroyed" type rather than using null
When a QPDF is destroyed, changing indirect objects to direct nulls
makes them effectively disappear silently when they sneak into other
places. Instead, we should treat this as an error. Adding a destroyed
object type makes this possible.
2022-09-08 10:36:39 -04:00
Jay Berkenbilt
264e25f391 Clear owning QPDF information for all objects, not just indirect 2022-09-08 10:19:38 -04:00
Jay Berkenbilt
9dcd25a06e Remove superfluous call to resetObjGen 2022-09-08 10:19:38 -04:00
Jay Berkenbilt
0132261ee0 Revert getOwningQPDF, and add getQPDF that returns a reference 2022-09-07 17:26:39 -04:00
Jay Berkenbilt
6c61be00e8 Rename QPDFObject -> QPDFValueProxy
This is in preparation for restoring a QPDFObject.hh to ease the
transition on qpdf_object_type_e.

This commit was created by
* Renaming QPDFObject.cc and QPDFObject.hh
* Replacing QPDFObject\b with QPDFValueProxy (where \b is word
  boundary)
* Running format-code
* Manually resorting files in libqpdf/CMakeLists.txt
* Manually refilling the comment in QPDF.hh near class Resolver
2022-09-05 18:52:59 -04:00
m-holger
9c86ba40d8 Fix commit 805c1ad : Reset QPDFValue::qpdf and QPDFValue::og when ...
On destruction of the QPDF object replace all indirect object references
with direct nulls.

Remove all existing code to release resolved references.

Fixes performance issue due to interaction of resetting QPDFValue::qpdf and
og members and prior code.
2022-09-04 10:41:18 +01:00
Jay Berkenbilt
a59e7ac7ec Disable copying/assigning to QPDF objects, add QPDF::create() 2022-09-02 08:53:27 -04:00
Jay Berkenbilt
6d62662e2d Make QPDFObject::releaseResolved public
Now that QPDFObject.hh is out of the public API, we don't really need
QPDFObjAccessor. Also, the function didn't have to be virtual anymore.
2022-09-01 18:19:47 -04:00
Jay Berkenbilt
f772c43de8 Stop including QPDFObject.hh from other than private files
This required moving some newly inlined functions back to the cc file,
but that seems to have had no measurable performance impact.
2022-09-01 18:19:47 -04:00
m-holger
805c1ad479 Reset QPDFValue::qpdf and QPDFValue::og when the owning QPDF object gets destroyed 2022-09-01 17:20:16 +01:00
m-holger
2b7e9ba2f5 Remove methods and parameters obsoleted by the last two commits 2022-09-01 17:20:02 +01:00
m-holger
56e9bcabe9 Add methods QPDFObject::setObjGen and QPDFObject::resetObjGen
Also, modify QPDFObject::swapWith to update the ObjGens of the swapped
objects.

Modify QPDF::newIndirect and QPDF::updateCache to keep object ObjGens
up to date.
2022-09-01 17:09:48 +01:00
m-holger
89061d5b33 Change QPDF_Unresolved::create method to take QPDF* and QPDFObjGen parameters 2022-09-01 17:09:07 +01:00
m-holger
ae6e484e23 Change return type of QPDF::resolve to void 2022-09-01 17:08:45 +01:00
m-holger
c5d0428da2 Modify QPDF::getObject to not to resolve the object 2022-09-01 14:47:24 +01:00
m-holger
556c34f0f2 Add private method QPDF::ObjCache::update
Add a new obj_cache entry or update an existing entry in place.
2022-09-01 14:30:26 +01:00
m-holger
c0cd72a3ee Add private methods QPDF::isCached and QPDF::isUnresolved 2022-09-01 14:29:53 +01:00
m-holger
27fae2b55e Remove QPDF::ObjectChanged
Also change QPDF::replaceObject and QPDF::swapObjects such that the
QPDFObject assigned to an og in the obj_cache is never replaced; only
QPDFObject::value is updated.
2022-09-01 14:27:46 +01:00
m-holger
114bffa089 Add private methods QPDFObjectHandle::asArray etc
Centralise casting of QPDFObjects and reduce repeated dereferencing.
2022-09-01 00:10:04 +01:00
m-holger
2a2eebcaea Modify newIndirect to set QPDFObjectHandle::obj 2022-08-31 22:47:11 +01:00
m-holger
16841bec32 Remove QPDFObjectHandle::makeReserved 2022-08-31 22:46:55 +01:00
m-holger
bd300be08d Replace calls to QPDFObjectHandle::Factory::newIndirect where possible 2022-08-31 22:45:45 +01:00
m-holger
c53d54b13d Add optional parameter allow_nullptr to QPDFObjectHandle::getOwningQPDF
Also, inline method and add optional parameter error_msg.
2022-08-28 22:15:59 +01:00
Jay Berkenbilt
b90adb1c6c
Merge pull request #746 from m-holger/smart
Code tidy: remove redundant calls to smart_ptrs get() method
2022-08-07 08:41:50 -04:00
m-holger
7c6901bce5 Code tidy: remove redundant calls to smart_ptrs get() method 2022-08-07 10:33:25 +01:00
m-holger
1553868c4a Add QPDF::getObject to replace getObjectByObjGen and getObjectByID
For consistency with similar methods, e.g. replaceObject.
2022-08-01 19:22:37 +01:00
m-holger
073808aa50 Code tidy : replace 0 with nullptr or true 2022-07-26 13:40:13 +01:00
m-holger
8b4afa428e Revert making second parameter of QPDFObjGen::QPDFObjGen optional
Also, change test for QPDFObjGen::isIndirect to obj != 0.
Delete comment from commit afd35f9.
2022-07-24 16:55:10 +01:00
m-holger
afd35f9a30 Overload StreamDataProvider::provideStreamData
Use 'QPDFObjGen const&' instead of 'int, int' in signature.
2022-07-24 16:02:35 +01:00
m-holger
f7978db1f6 QPDFObjGen : tidy QPDF private methods
Change method signatures to use QPDFObjGen.
Use QPDFObjGen methods where possible.
Remove redundant QPDF::objGenToIndirect.
2022-07-24 16:02:35 +01:00
m-holger
3404ca8ac8 QPDFObjGen : tidy QPDFObjectHandle private methods
Change method signature to use QPDFObjGen.
2022-07-24 15:59:49 +01:00
m-holger
c0168cf88c QPPFObjGen : tidy QPDF::readObjectAtOffset
Change method signature to use QPDFObjGen.
2022-07-24 15:59:49 +01:00
m-holger
eeb6162f76 Add optional parameter separator to QPDFObjGen::unparse
Also, revert inlining of unparse and operator << from commit 4c6640c in
order to avoid exposing QUtil.
2022-07-24 15:41:48 +01:00
Jay Berkenbilt
6f1041afb8 Clarify intent in readObjectAtOffset
Rather than using object id -1 to mean "don't care", use object ID 0,
and clarify the difference between that use and indication of a direct
object.
2022-07-24 09:40:11 -04:00
m-holger
f0a8178091 Refactor QPDFObject creation and cloning
Move responsibility for creating shared pointers to objects and cloning from QPDFObjectHandle to QPDFObject.
2022-06-27 12:47:02 -04:00
Jay Berkenbilt
0c7c7e4ba4 Track whether certain page modifying methods have been called
We need to know whether pushInheritedAttributesToPage or getAllPages
have been called when generating JSON output. When reading the JSON
back in, we have to call the same methods so that object numbers will
line up properly.
2022-06-25 13:55:45 -04:00
Jay Berkenbilt
641e92c6a7 QPDF, QPDFJob: use QPDFLogger instead of custom output streams 2022-06-18 09:02:55 -04:00
m-holger
6c69a747b9 Code clean up: use range-style for loops wherever possible
Remove variables obsoleted by commit 4f24617.
2022-05-21 16:06:29 -04:00
Jay Berkenbilt
47c093c48b Replace std::regex with validators for better performance 2022-05-21 08:43:21 -04:00
Jay Berkenbilt
7e7a9c4379 Parse objects; stream data is not yet handled 2022-05-20 09:16:25 -04:00
Jay Berkenbilt
9064542b5f Add private methods for reserving specific objects 2022-05-20 07:54:09 -04:00
Jay Berkenbilt
9a0e9a1a9e Remove offset from missing /Root error
The last offset is irrelevant to not being able to find /Root.
2022-05-16 13:39:26 -04:00
Jay Berkenbilt
e5f3910c3e Add new FileInputSource constructors 2022-05-04 12:07:11 -04:00
Jay Berkenbilt
21d6e3231f Make use of the new Pipeline methods in some places 2022-05-03 18:31:23 -04:00
Jay Berkenbilt
4f24617e1e Code clean up: use range-style for loops wherever possible
Where not possible, use "auto" to get the iterator type.

Editorial note: I have avoid this change for a long time because of
not wanting to make gratuitous changes to version history, which can
obscure when certain changes were made, but with having recently
touched every single file to apply automatic code formatting and with
making several broad changes to the API, I decided it was time to take
the plunge and get rid of the older (pre-C++11) verbose iterator
syntax. The new code is just easier to read and understand, and in
many cases, it will be more effecient as fewer temporary copies are
being made.

m-holger, if you're reading, you can see that I've finally come
around. :-)
2022-04-30 13:27:18 -04:00
Jay Berkenbilt
7f023701dd Formatting: remove space in range-style for loops
Change .clang-format and commit automated changes from a fresh run of
format-code
2022-04-30 13:26:43 -04:00
Jay Berkenbilt
ab9d557cb0 Use fluent replaceKey 2022-04-29 20:39:54 -04:00
Jay Berkenbilt
68e721981a Add new QPDF::warn that takes most of QPDFExc's arguments 2022-04-23 18:25:43 -04:00
Jay Berkenbilt
75fe4f60c3 Use anonymous namespaces for file-private classes 2022-04-16 13:35:27 -04:00
Jay Berkenbilt
cdd0b4fb7d Use = default and = delete where possible in classes 2022-04-16 11:39:14 -04:00
Jay Berkenbilt
a68703b07e Replace PointerHolder with std::shared_ptr in library sources only
(patrepl and cleanpatch are my own utilities)

patrepl s/PointerHolder/std::shared_ptr/g {include,libqpdf}/qpdf/*.hh
patrepl s/PointerHolder/std::shared_ptr/g libqpdf/*.cc
patrepl s/make_pointer_holder/std::make_shared/g libqpdf/*.cc
patrepl s/make_array_pointer_holder/QUtil::make_shared_array/g libqpdf/*.cc
patrepl s,qpdf/std::shared_ptr,qpdf/PointerHolder, **/*.cc **/*.hh
git restore include/qpdf/PointerHolder.hh
cleanpatch
./format-code
2022-04-09 17:33:29 -04:00
Jay Berkenbilt
77e889495f Update some code manually to get better formatting results
Add comments to force line breaks, parenthesize function arguments
that are contatenated strings, etc. -- these kinds of changes improve
clang-format's results and also cause emacs cc-mode to match
clang-format. After this type of change, most of the time, when
clang-format and emacs disagree, clang-format is better.
2022-04-05 14:56:19 -04:00
Jay Berkenbilt
12f1eb15ca Programmatically apply new formatting to code
Run this:

for i in  **/*.cc **/*.c **/*.h **/*.hh; do
  clang-format < $i >| $i.new && mv $i.new $i
done
2022-04-04 08:10:40 -04:00
Jay Berkenbilt
cfd5147d92 Add QPDF::getVersionAsPDFVersion 2022-02-08 12:34:14 -05:00
Jay Berkenbilt
cb769c62e5 WHITESPACE ONLY -- expand tabs in source code
This comment expands all tabs using an 8-character tab-width. You
should ignore this commit when using git blame or use git blame -w.

In the early days, I used to use tabs where possible for indentation,
since emacs did this automatically. In recent years, I have switched
to only using spaces, which means qpdf source code has been a mixture
of spaces and tabs. I have avoided cleaning this up because of not
wanting gratuitous whitespaces change to cloud the output of git
blame, but I changed my mind after discussing with users who view qpdf
source code in editors/IDEs that have other tab widths by default and
in light of the fact that I am planning to start applying automatic
code formatting soon.
2022-02-08 11:51:15 -05:00
Jay Berkenbilt
c62e8e2b28 Update for clean compile with POINTERHOLDER_TRANSITION=2 2022-02-07 17:38:22 -05:00
Jay Berkenbilt
8cf7f2bfb5 API contract: qpdf_get_qpdf_version() returns a static 2022-02-05 11:24:56 -05:00
Jay Berkenbilt
2229e37e88 Add a blank line after the first header included in each source 2022-02-04 16:31:31 -05:00
Jay Berkenbilt
8eab616d62 Add qpdf version macros to qpdf/DLL.h 2022-02-04 13:41:01 -05:00
Jay Berkenbilt
abc300f05c Replace containers of PointerHolder with containers of std::shared_ptr
None of these are in the public API.
2022-02-04 13:12:37 -05:00
Jay Berkenbilt
9044a24097 PointerHolder: deprecate getPointer() and getRefcount()
Use get() and use_count() instead. Add #define
NO_POINTERHOLDER_DEPRECATION to remove deprecation markers for these
only.

This commit also removes all deprecated PointerHolder API calls from
qpdf's code except in PointerHolder's test suite, which must continue
to test the deprecated APIs.
2022-02-04 13:12:37 -05:00
m-holger
07db3200cb Remove some if statements and simplify some boolean expressions
Use QPDFObjectHandle::isNameAndEquals, isDictionaryOfType and
isStreamOfType.
2022-01-27 07:31:12 -06:00
Jay Berkenbilt
04745320d6 Prepare 10.5.0 release 2021-12-20 14:51:46 -05:00
Jay Berkenbilt
720ce9e8f3 Improve testing and error handling around operating before processing 2021-11-29 07:42:36 -05:00
Jay Berkenbilt
ac17308cf6 Initialize QPDF::Members::file (fixes #584) 2021-11-29 07:16:34 -05:00
Jay Berkenbilt
ce7db05d22 Prepare 10.4.0 release 2021-11-16 15:44:09 -05:00
Jay Berkenbilt
f45dacf4cb Make recovery logic flexible about where objects end (fixes #573)
Don't assume endobj is at the beginning of the line. This means we are
looking at tokens for every line, but the odds of n n obj appearing in
the middle of the object are likely much lower than endobj not being
at the beginning of the line or missing entirely. This will probably
have a negative impact on recovery time for very large files.
Hopefully it will be worth it.
2021-11-07 15:27:22 -05:00
Jay Berkenbilt
bddebdb0ea Prepare 10.3.2 release 2021-05-08 10:41:14 -04:00
Jay Berkenbilt
3f05429cc5 Prepare 10.3.1 release 2021-03-11 12:59:41 -05:00
Jay Berkenbilt
dc65b88457 Prepare 10.3.0 release 2021-03-05 06:15:48 -05:00
Jay Berkenbilt
1bb209a9bf Add QPDF::numWarnings 2021-03-03 17:05:49 -05:00
Jay Berkenbilt
a4d6589ff2 Have QPDFObjectHandle notice when replaceObject was called
This results in a performance penalty of 1% to 2% when replaceObject
and swapObjects are never called and a somewhat larger penalty if they
are called, but it's worth it to avoid very confusing behavior as
discussed in depth in qpdf#507.
2021-02-25 07:32:46 -05:00
Jay Berkenbilt
b5e937397c Prepare 10.2.0 release 2021-02-23 10:41:58 -05:00
Jay Berkenbilt
92fbc6fdf5 QPDFObjectHandle::copyStream 2021-02-21 06:36:30 -05:00
Jay Berkenbilt
60afe4142e Refactor: separate copyStreamData from replaceForeignIndirectObjects 2021-02-21 06:36:30 -05:00
Jay Berkenbilt
e076c9bf08 Remove erroneous handling of /EFF for stream decryption
I thought /EFF was supposed to be used as a default for decrypting
embedded file streams, but actually it's supposed to be advice to a
conforming writer about handling new ones. This makes sense since the
findAttachmentStreams code, which is not actually needed, was never
right.
2021-02-06 17:08:41 -05:00
Jay Berkenbilt
ac2b3b96e1 Make wrong object stream type a warning 2021-02-06 14:29:11 -05:00
Jay Berkenbilt
8ed3e8c79b NNTree: rework iterators to be more memory efficient
Keep a std::pair internal to the iterators so that operator* can
return a reference and operator-> can work, and each can work without
copying pairs of objects around.
2021-01-26 09:12:23 -05:00
Jay Berkenbilt
63e5cb533d Use new QPDF{Name,Number}TreeObjectHelper API 2021-01-24 03:27:28 -05:00
Jay Berkenbilt
ba814703fb Use QPDFNameTreeObjectHelper's iterator directly 2021-01-24 03:25:11 -05:00
Jay Berkenbilt
fc88837d4b Treat /EmbeddedFiles as a proper name tree
If we ever had an encrypted file with different filters for
attachments and either the /EmbeddedFiles name tree was deep or some
of the file specs didn't have /Type, we would have overlooked those as
attachment streams. The code now properly handles /EmbeddedFiles as a
name tree.
2021-01-11 10:50:44 -05:00
Jay Berkenbilt
6fe7b704c7 Warn rather than segv on access after closing input source (fixes #495) 2021-01-06 10:11:34 -05:00
Jay Berkenbilt
0fed040392 Prepare version 10.1.0 2021-01-04 16:59:55 -05:00
Jay Berkenbilt
39bfa01307 Implement user-provided stream filters
Refactor QPDF_Stream to use stream filter classes to handle supported
stream filters as well.
2020-12-28 12:58:19 -05:00
Jay Berkenbilt
78b9d6bfd4 Prepare 10.0.4 release 2020-11-21 13:50:02 -05:00
Jay Berkenbilt
47f4ebcdac Ignore unused field in xref entry, avoiding range error (fixes #482) 2020-11-04 07:46:46 -05:00
Jay Berkenbilt
fbe40b800d Prepare 10.0.3 release 2020-10-31 13:47:03 -04:00
Jay Berkenbilt
ffe6af6f77 Add comments explaining the foreign object copying code
These are the comments I would have liked to have been able to read
while fixing #449 and #478.
2020-10-31 12:14:26 -04:00
Jay Berkenbilt
96767fb104 Fix foreign stream copying bug (fixes #478)
This reverts an incorrect fix to #449 and codes it properly. The real
problem was that we were looking at the local dictionaries rather than
the foreign dictionaries when saving the foreign stream data. In the
case of direct objects, these happened to be the same, but in the case
of indirect objects, the object references could be pointing anywhere
since object numbers don't match up between the old and new files.
2020-10-31 12:14:26 -04:00
Jay Berkenbilt
da7540794a Prepare 10.0.2 release 2020-10-27 11:57:48 -04:00
Jay Berkenbilt
bcea54fcaa Revert removal of unreadCh change for performance
Turns out unreadCh is much more efficient than seek(-1, SEEK_CUR).
Update comments and code to reflect this.
2020-10-27 11:57:48 -04:00
Jay Berkenbilt
8a11feacc3 Avoid leak by resolving object streams more than once (fuzz issue 23642) 2020-10-22 15:39:36 -04:00
Jay Berkenbilt
30bb4c64ee Minor code cleanup
* Return rather than exiting from realmain in qpdf.cc
* Remove extraneous blank line
* Don't assign temporary to const reference
2020-10-22 15:39:36 -04:00
Jay Berkenbilt
956c8f6432 Obscure bug fix copying foreign streams in special cases (fixes #449)
Specifically, if a stream had its stream data replaced and had
indirect /Filter or /DecodeParms, it would result in non-silent loss
of data and/or internal error.
2020-10-21 19:23:23 -04:00
Jay Berkenbilt
98f6c00dad Protect numeric conversion against user's locale (fixes #459) 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
bed165c9fc Stop using InputSource::unreadCh 2020-10-18 07:43:05 -04:00
Dean Scarff
153060a0c5 Check integer overflow in resolveObjectsInStream
Fixes a crash found by fuzzing.
2020-10-16 20:09:24 -04:00
Jay Berkenbilt
821a701851 Prepare 10.0.1 release 2020-04-09 11:48:26 -04:00
Jay Berkenbilt
1e629c278a Prepare 10.0.0 release 2020-04-06 11:30:15 -04:00
Jay Berkenbilt
893d38b87e Allow propagation of errors and retry through StreamDataProvider
StreamDataProvider::provideStreamData now has a rich enough API for it
to effectively proxy to pipeStreamData.
2020-04-05 20:07:13 -04:00
Dean Scarff
c5c1a028cd Use deterministic assignments for unique_id
Fixes qpdf/qpdf#419
2020-04-04 08:29:28 -04:00
Jay Berkenbilt
52a2e95dd5 Prepare 9.1.1 release 2020-01-26 18:49:04 -05:00
Jay Berkenbilt
9b0c6022d7 Prepare 9.1.0 release 2019-11-16 22:29:54 -05:00
Jay Berkenbilt
5e6dfc938e Prepare 9.1.rc1 release 2019-11-09 22:00:53 -05:00
Jay Berkenbilt
9094fb1f8e Fix two additional fuzz test cases 2019-11-03 18:59:12 -05:00
Masamichi Hosoda
46ac3e21b3 Add QPDF::getXRefTable() 2019-10-22 16:16:16 -04:00
Masamichi Hosoda
06b818dcd3 Exclude signature dictionary from compressible objects
It seems better not to compress signature dictionaries. Various PDF
digital signing tools, including Adobe Acrobat Reader DC, do not
compress signature dictionaries.

Table 8.93 "Entries in a signature dictionary" in PDF 1.5 reference
describes that /ByteRange in the signature dictionary shall be used to
describe a digest that does not include the signature value
(/Contents) itself.

The byte ranges cannot be determined if the dictionary is compressed.
2019-10-22 16:16:16 -04:00
Jay Berkenbilt
3094955dee Prepare 9.0.2 release 2019-10-12 19:37:40 -04:00
Jay Berkenbilt
4ea940b03c Prepare 9.0.1 release 2019-09-20 07:38:18 -04:00
Jay Berkenbilt
bb83e65193 Fix fuzz issue 16953 (overflow checking in xref stream index) 2019-09-17 19:48:47 -04:00
Jay Berkenbilt
5462dfce31 Prepare 9.0.0 release 2019-08-31 20:07:36 -04:00
Jay Berkenbilt
babd12c9b2 Add methods QPDF::anyWarnings and QPDF::closeInputSource 2019-08-31 15:51:20 -04:00
Jay Berkenbilt
dadf8307c8 Fix fuzz issues 15316 and 15390 2019-08-27 20:39:06 -04:00
Jay Berkenbilt
9a095c5c76 Seek in two stages to avoid overflow
When seeing to a position based on a value read from the input, we are
prone to integer overflow (fuzz issue 15442). Seek in two stages to
move the overflow check into the input source code.
2019-08-27 11:26:25 -04:00
Jay Berkenbilt
ac5e6de2e8 Fix fuzz issue 15387 (overflow checking xref size) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt
5da146c8b5 Track separately whether password was user/owner (fixes #159) 2019-08-24 11:01:19 -04:00
Jay Berkenbilt
225cd9dac2 Protect against coding error of re-entrant parsing 2019-08-22 17:55:16 -04:00
Jay Berkenbilt
ae5bd7102d Accept extraneous space before xref (fixes #341) 2019-08-19 22:24:53 -04:00
Jay Berkenbilt
8a9086a689 Accept extraneous space after stream keyword (fixes #329) 2019-08-19 21:43:44 -04:00
Jay Berkenbilt
42d396f1dd Handle invalid name tokens symmetrically for PDF < 1.2 (fixes #332) 2019-08-19 19:48:27 -04:00
Jay Berkenbilt
522d2b2227 Improve efficiency of fixDanglingReferences 2019-08-18 09:00:40 -04:00
Jay Berkenbilt
25dd3c6750 Remove QPDF::copyForeignObject with unused parameter 2019-06-21 22:29:31 -04:00
Jay Berkenbilt
d71f05ca07 Fix sign and conversion warnings (major)
This makes all integer type conversions that have potential data loss
explicit with calls that do range checks and raise an exception. After
this commit, qpdf builds with no warnings when -Wsign-conversion
-Wconversion is used with gcc or clang or when -W3 -Wd4800 is used
with MSVC. This significantly reduces the likelihood of potential
crashes from bogus integer values.

There are some parts of the code that take int when they should take
size_t or an offset. Such places would make qpdf not support files
with more than 2^31 of something that usually wouldn't be so large. In
the event that such a file shows up and is valid, at least qpdf would
raise an error in the right spot so the issue could be legitimately
addressed rather than failing in some weird way because of a silent
overflow condition.
2019-06-21 13:17:21 -04:00
Jay Berkenbilt
cd830968ef Eliminate one potential integer overflow
There are more to handle, but this resolves an issue already caught by
oss-fuzz.
2019-06-15 08:52:19 -04:00
Jay Berkenbilt
b1a78be1a8 Prepare 8.4.2 release 2019-05-18 08:56:37 -04:00
Jay Berkenbilt
a323f6f49f Prepare 8.4.1 release 2019-04-27 20:44:20 -04:00
Thorsten Schöning
2c704b99a1 Undefined functions because of missing std:: or header. (#295)
* [bcc32 Error] QPDF.cc(375): E2268 Call to undefined function 'atof'
  Full parser context
    QPDF.cc(358): parsing: void QPDF::parse(const char *)

* [bcc32 Error] QPDFTokenizer.cc(183): E2268 Call to undefined function 'strtol'
  Full parser context
    QPDFTokenizer.cc(163): parsing: void QPDFTokenizer::resolveLiteral()

* [bcc32 Error] pdf-split-pages.cc(52): E2268 Call to undefined function 'exit'
  Full parser context
    pdf-split-pages.cc(50): parsing: void usage()

* PR #295: Including "cstdlib" should be replaced with "stdlib.h" to be more consistent. At the same time I changed the order of the surrounding includes to reflect alphabetical order, because at some files this already have been the case.
2019-03-12 10:05:29 -04:00
Jay Berkenbilt
03074ca5a0 Prepare 8.4.0 release 2019-02-01 22:25:25 -05:00
Jay Berkenbilt
2d0885bc11 Clarify documentation for copyForeignObject regarding pages
Make explicit that copyForeignObject can be used on page objects and
will copy them properly but not update the pages tree.
2019-01-28 21:53:55 -05:00
Jay Berkenbilt
654c0e8caf Allow adding the same page more than once in --pages (fixes #272) 2019-01-12 10:01:47 -05:00
Jay Berkenbilt
d24a120c7f Add QPDF::setImmediateCopyFrom 2019-01-10 22:35:08 -05:00
Jay Berkenbilt
b653929c93 Update version to 8.3.0 2019-01-07 11:16:54 -05:00
Jay Berkenbilt
c3cee5f154 Exercise out of scope original pdf for copyForeignObject 2019-01-07 07:38:03 -05:00
Jay Berkenbilt
fddbcab0e7 Mostly don't require original QPDF for copyForeignObject (fixes #219)
The original QPDF is only required now when the source
QPDFObjectHandle is a stream that gets its stream data from a
QPDFObjectHandle::StreamDataProvider.
2019-01-07 00:11:15 -05:00
Jay Berkenbilt
fbbb0ee016 Make a static version of QPDF::pipeStreamData
This is in preparation of being able to pipe a stream's data without
keeping a copy of its containing qpdf object.
2019-01-07 00:11:15 -05:00
Jay Berkenbilt
7588cac295 Create an application-scope unique ID for each QPDF object
Use this instead of QPDF* as a map key for object_copiers.
2019-01-07 00:11:15 -05:00
Jay Berkenbilt
e27ac682e0 Move encryption parameters into a class 2019-01-06 09:58:16 -05:00
Jay Berkenbilt
837dcf8fc2 Don't call assert while checking linearization data (fixes #209, #231)
Instead of calling assert for problems found during checking
linearization data, throw an exception which is later caught and
issued as an error. Ideally we would handle errors more robustly, but
this is still a significant improvement.
2019-01-04 11:55:42 -05:00
Jay Berkenbilt
a01359189b Fix dangling references (fixes #240)
On certain operations, such as iterating through all objects and
adding new indirect objects, walk through the entire object structure
and explicitly resolve any indirect references to non-existent
objects. That prevents new objects from springing into existence and
causing the previously dangling references to point to them.
2019-01-04 10:29:29 -05:00
Jay Berkenbilt
3e74916c5a Fix seg fault on empty xref stream (fixes #263)
Thanks to @p-cher for supplying a patch.
2019-01-03 09:17:43 -05:00
Jay Berkenbilt
6ee761fc86 Prepare 8.2.1 release 2018-08-18 10:56:19 -04:00
Jay Berkenbilt
5e9e17e62a Prepare 8.2.0 release 2018-08-16 11:53:10 -04:00
Jay Berkenbilt
1bd2a2e79b Prepare 8.1.0 release 2018-06-23 07:50:11 -04:00
Jay Berkenbilt
2a82f6e1e0 Add method to get count of objects in QPDF 2018-06-22 15:53:40 -04:00
Jay Berkenbilt
f8c8e4dcc0 Prepare 8.0.2 release 2018-03-06 11:34:07 -05:00
Jay Berkenbilt
ee44aef8d0 Treat loop in xref tables as damage (fixes #192)
Prior to this fix, if there was a loop detected in following /Prev
pointers in xref streams/tables, it would cause qpdf to lose data.
Note that this condition causes many PDF readers to hang or fail.
2018-03-05 14:26:58 -05:00
Jay Berkenbilt
6fe1e9de40 Prepare 8.0.1 release 2018-03-04 07:16:20 -05:00
Jay Berkenbilt
3e8b643ae3 Release 8.0.0 2018-02-25 16:00:11 -05:00
Jay Berkenbilt
111ec50950 8.0.rc3 2018-02-25 14:17:59 -05:00
Jay Berkenbilt
d3d3970cf6 8.0.rc2 2018-02-25 13:50:22 -05:00
Jay Berkenbilt
a16d703f4d Update version to 8.0.rc1
This is for testing the release process, particularly as it pertains
to AppImage creation.
2018-02-25 09:03:27 -05:00
Jay Berkenbilt
82cae01a76 Bump version number and soname
Bump to an alpha release. This version is not being widely released
but is being used to push the new shared library version through the
debian packaging system and to test out github releases.
2018-02-20 21:31:38 -05:00
Jay Berkenbilt
d0e99f195a More robust handling of type errors
Give objects descriptions and context so it is possible to issue
warnings instead of fatal errors for attempts to access objects of the
wrong type.
2018-02-18 21:06:27 -05:00
Jay Berkenbilt
52e024f701 Include omitted object description in error message 2018-02-18 21:06:27 -05:00
Jay Berkenbilt
cb3b705cf9 Include filename in object stream parse error 2018-02-18 21:06:27 -05:00
Jay Berkenbilt
2ebdd6929e Prepare 7.1.1 release 2018-02-04 18:31:42 -05:00
Jay Berkenbilt
7e5e1a7158 Fix offset in error message 2018-02-04 14:19:00 -05:00
Jay Berkenbilt
2e4ca7ecf4 Update version numbers for 7.1.0 2018-01-14 20:09:20 -05:00
Jay Berkenbilt
569d74d36b Allow raw encryption key to be specified
Add options to enable the raw encryption key to be directly shown or
specified. Thanks to Didier Stevens <didier.stevens@gmail.com> for the
idea and contribution of one implementation of this idea.
2018-01-14 10:21:05 -05:00
Jay Berkenbilt
a3a55be9cd Correct errors in PNG filters and make use from library 2017-12-25 14:24:48 -05:00
Jay Berkenbilt
0f1ce8e646 Prepare 7.0.0 release 2017-09-16 13:22:15 -04:00
Jay Berkenbilt
d31a7b76e7 Improve message for stream decoding error
Tweak the message so that we inform the user that we are mitigating
data loss.
2017-09-12 16:03:48 -04:00
Jay Berkenbilt
1868a10f8b Replace all atoi calls with QUtil::string_to_int
The latter catches underflow/overflow.
2017-08-29 12:28:32 -04:00
Jay Berkenbilt
85f05cc57f Detect xref pointer infinite loop (fixes #149) 2017-08-25 19:58:31 -04:00
Jay Berkenbilt
1e52d33822 Bump soname to 18 and version to 7.0.b1 2017-08-22 16:50:48 -04:00
Jay Berkenbilt
fabff0f3ec Limit token length during xref recovery
While scanning the file looking for objects, limit the length of
tokens we allow. This prevents us from getting caught up in reading a
file character by character while digging through large streams.
2017-08-22 14:13:10 -04:00
Jay Berkenbilt
6884ad2ead Fix logic error in recovery
A stray semicolon caused a condition to be incorrectly applied during
stream length recovery.
2017-08-22 07:19:41 -04:00
Jay Berkenbilt
a8c93bd324 Push QPDF member variables into a nested class
Pushing member variables into a nested class enables addition of new
member variables without breaking binary compatibility.
2017-08-21 21:35:11 -04:00
Jay Berkenbilt
9744414c66 Enable finer grained control of stream decoding
This commit adds several API methods that enable control over which
types of filters QPDF will attempt to decode. It also adds support for
/RunLengthDecode and /DCTDecode filters for both encoding and
decoding.
2017-08-21 17:44:22 -04:00
Jay Berkenbilt
46611f0710 Prevent a division by zero error (fixes #141)
Bad /W in an xref stream could cause a division by zero error. Now
this is handled as a special case.
2017-08-11 20:11:19 -04:00
Jay Berkenbilt
30f109e244 Read xref table without PCRE
Also accept more errors than before.
2017-08-10 21:30:32 -04:00
Jay Berkenbilt
98a843c2a2 Reconstruct xref without PCRE 2017-08-10 21:30:32 -04:00
Jay Berkenbilt
ca5b1d267a Improve stream length recovery
Eliminate PCRE and find endobj not preceded by endstream. Be more lax
about placement of endstream and endobj.
2017-08-10 21:30:32 -04:00
Jay Berkenbilt
3082e4e606 Find xref without PCRE 2017-08-10 21:30:32 -04:00
Jay Berkenbilt
03aa9679ac Find starxref without PCRE 2017-08-10 21:30:32 -04:00
Jay Berkenbilt
1765c6ec20 Find header without PCRE 2017-08-10 21:30:32 -04:00
Jay Berkenbilt
ef8ae5449d Allow QPDFTokenizer::readToken to return bad tokens
Sometimes we want to ignore bad tokens rather than having them throw
an exception. A coverage case is commented out here and added in a
later commit.
2017-08-10 19:01:41 -04:00
Jay Berkenbilt
570db9b60b Catch more exceptions while resolving objects 2017-07-29 19:31:12 -04:00
Jay Berkenbilt
b43a0ac237 When recover stream length, indicate the length (fixes #44) 2017-07-29 19:15:06 -04:00
Jay Berkenbilt
6a7d53ad2b Handle zlib data errors better (fixes #106) 2017-07-29 12:19:04 -04:00
Jay Berkenbilt
07d6f770b2 Better recovery of bad stream start (fixes #104) 2017-07-29 12:19:04 -04:00
Jay Berkenbilt
ba2bae4acc Use 1.2 as the version if we can't read it from the header
The code was using 1.0, but we use /FlateDecode, which didn't appear
until 1.2.
2017-07-29 12:19:04 -04:00
Jay Berkenbilt
3a1ff5ded9 Add option to preserve unreferenced objects 2017-07-28 19:19:11 -04:00
Jay Berkenbilt
a94a729fee Explicitly check root dictionary type
Very badly corrupted files may not have a retrievable root dictionary.
Handle that as a special case so that a more helpful error message can
be provided.
2017-07-28 18:03:30 -04:00
Jay Berkenbilt
7f8892525f Add precheck streams capability
When requested, QPDFWriter will do more aggress prechecking of streams
to make sure it can actually succeed in decoding them before
attempting to do so. This will allow preservation of raw data even
when the raw data is corrupted relative to the specified filters.
2017-07-27 23:42:27 -04:00
Jay Berkenbilt
428d96dfe1 Convert many more errors to warnings 2017-07-27 22:57:55 -04:00
Jay Berkenbilt
40f00122b8 Convert object parsing errors to warnings
QPDFObjectHandle::parseInternal now issues warnings instead of
throwing exceptions for all error conditions that it finds (except
internal logic errors) and has stronger recovery for things like
invalid tokens and malformed dictionaries. This should improve qpdf's
ability to recover from a wide range of broken files that currently
cause it to fail.
2017-07-27 18:20:31 -04:00
Jay Berkenbilt
701b518d5c Detect recursion loops resolving objects (fixes #51)
During parsing of an object, sometimes parts of the object have to be
resolved. An example is stream lengths. If such an object directly or
indirectly points to the object being parsed, it can cause an infinite
loop. Guard against all cases of re-entrant resolution of objects.
2017-07-26 06:24:07 -04:00
Jay Berkenbilt
afe0242b26 Handle object ID 0 (fixes #99)
This is CVE-2017-9208.

The QPDF library uses object ID 0 internally as a sentinel to
represent a direct object, but prior to this fix, was not blocking
handling of 0 0 obj or 0 0 R as a special case. Creating an object in
the file with 0 0 obj could cause various infinite loops. The PDF spec
doesn't allow for object 0. Having qpdf handle object 0 might be a
better fix, but changing all the places in the code that assumes objid
== 0 means direct would be risky.
2017-07-26 06:24:07 -04:00
Jay Berkenbilt
315092dd98 Avoid xref reconstruction infinite loop (fixes #100)
This is CVE-2017-9209.
2017-07-26 06:24:07 -04:00
Jay Berkenbilt
b7302a9b72 Prepare 6.0.0 release 2015-11-10 12:48:52 -05:00
Jay Berkenbilt
e5abc789a2 Prepare 5.2.0 release 2015-11-01 16:40:01 -05:00
Jay Berkenbilt
b62cbe2508 Tolerate some mangled xref tables
If xref table entries lack the spec-required trailing whitespace or
contain a small amount of extra space, handle them anyway.
2015-10-31 18:56:43 -04:00