2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-23 11:28:56 +00:00
Commit Graph

198 Commits

Author SHA1 Message Date
Jay Berkenbilt
9094fb1f8e Fix two additional fuzz test cases 2019-11-03 18:59:12 -05:00
Masamichi Hosoda
46ac3e21b3 Add QPDF::getXRefTable() 2019-10-22 16:16:16 -04:00
Masamichi Hosoda
06b818dcd3 Exclude signature dictionary from compressible objects
It seems better not to compress signature dictionaries. Various PDF
digital signing tools, including Adobe Acrobat Reader DC, do not
compress signature dictionaries.

Table 8.93 "Entries in a signature dictionary" in PDF 1.5 reference
describes that /ByteRange in the signature dictionary shall be used to
describe a digest that does not include the signature value
(/Contents) itself.

The byte ranges cannot be determined if the dictionary is compressed.
2019-10-22 16:16:16 -04:00
Jay Berkenbilt
3094955dee Prepare 9.0.2 release 2019-10-12 19:37:40 -04:00
Jay Berkenbilt
4ea940b03c Prepare 9.0.1 release 2019-09-20 07:38:18 -04:00
Jay Berkenbilt
bb83e65193 Fix fuzz issue 16953 (overflow checking in xref stream index) 2019-09-17 19:48:47 -04:00
Jay Berkenbilt
5462dfce31 Prepare 9.0.0 release 2019-08-31 20:07:36 -04:00
Jay Berkenbilt
babd12c9b2 Add methods QPDF::anyWarnings and QPDF::closeInputSource 2019-08-31 15:51:20 -04:00
Jay Berkenbilt
dadf8307c8 Fix fuzz issues 15316 and 15390 2019-08-27 20:39:06 -04:00
Jay Berkenbilt
9a095c5c76 Seek in two stages to avoid overflow
When seeing to a position based on a value read from the input, we are
prone to integer overflow (fuzz issue 15442). Seek in two stages to
move the overflow check into the input source code.
2019-08-27 11:26:25 -04:00
Jay Berkenbilt
ac5e6de2e8 Fix fuzz issue 15387 (overflow checking xref size) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt
5da146c8b5 Track separately whether password was user/owner (fixes #159) 2019-08-24 11:01:19 -04:00
Jay Berkenbilt
225cd9dac2 Protect against coding error of re-entrant parsing 2019-08-22 17:55:16 -04:00
Jay Berkenbilt
ae5bd7102d Accept extraneous space before xref (fixes #341) 2019-08-19 22:24:53 -04:00
Jay Berkenbilt
8a9086a689 Accept extraneous space after stream keyword (fixes #329) 2019-08-19 21:43:44 -04:00
Jay Berkenbilt
42d396f1dd Handle invalid name tokens symmetrically for PDF < 1.2 (fixes #332) 2019-08-19 19:48:27 -04:00
Jay Berkenbilt
522d2b2227 Improve efficiency of fixDanglingReferences 2019-08-18 09:00:40 -04:00
Jay Berkenbilt
25dd3c6750 Remove QPDF::copyForeignObject with unused parameter 2019-06-21 22:29:31 -04:00
Jay Berkenbilt
d71f05ca07 Fix sign and conversion warnings (major)
This makes all integer type conversions that have potential data loss
explicit with calls that do range checks and raise an exception. After
this commit, qpdf builds with no warnings when -Wsign-conversion
-Wconversion is used with gcc or clang or when -W3 -Wd4800 is used
with MSVC. This significantly reduces the likelihood of potential
crashes from bogus integer values.

There are some parts of the code that take int when they should take
size_t or an offset. Such places would make qpdf not support files
with more than 2^31 of something that usually wouldn't be so large. In
the event that such a file shows up and is valid, at least qpdf would
raise an error in the right spot so the issue could be legitimately
addressed rather than failing in some weird way because of a silent
overflow condition.
2019-06-21 13:17:21 -04:00
Jay Berkenbilt
cd830968ef Eliminate one potential integer overflow
There are more to handle, but this resolves an issue already caught by
oss-fuzz.
2019-06-15 08:52:19 -04:00
Jay Berkenbilt
b1a78be1a8 Prepare 8.4.2 release 2019-05-18 08:56:37 -04:00
Jay Berkenbilt
a323f6f49f Prepare 8.4.1 release 2019-04-27 20:44:20 -04:00
Thorsten Schöning
2c704b99a1 Undefined functions because of missing std:: or header. (#295)
* [bcc32 Error] QPDF.cc(375): E2268 Call to undefined function 'atof'
  Full parser context
    QPDF.cc(358): parsing: void QPDF::parse(const char *)

* [bcc32 Error] QPDFTokenizer.cc(183): E2268 Call to undefined function 'strtol'
  Full parser context
    QPDFTokenizer.cc(163): parsing: void QPDFTokenizer::resolveLiteral()

* [bcc32 Error] pdf-split-pages.cc(52): E2268 Call to undefined function 'exit'
  Full parser context
    pdf-split-pages.cc(50): parsing: void usage()

* PR #295: Including "cstdlib" should be replaced with "stdlib.h" to be more consistent. At the same time I changed the order of the surrounding includes to reflect alphabetical order, because at some files this already have been the case.
2019-03-12 10:05:29 -04:00
Jay Berkenbilt
03074ca5a0 Prepare 8.4.0 release 2019-02-01 22:25:25 -05:00
Jay Berkenbilt
2d0885bc11 Clarify documentation for copyForeignObject regarding pages
Make explicit that copyForeignObject can be used on page objects and
will copy them properly but not update the pages tree.
2019-01-28 21:53:55 -05:00
Jay Berkenbilt
654c0e8caf Allow adding the same page more than once in --pages (fixes #272) 2019-01-12 10:01:47 -05:00
Jay Berkenbilt
d24a120c7f Add QPDF::setImmediateCopyFrom 2019-01-10 22:35:08 -05:00
Jay Berkenbilt
b653929c93 Update version to 8.3.0 2019-01-07 11:16:54 -05:00
Jay Berkenbilt
c3cee5f154 Exercise out of scope original pdf for copyForeignObject 2019-01-07 07:38:03 -05:00
Jay Berkenbilt
fddbcab0e7 Mostly don't require original QPDF for copyForeignObject (fixes #219)
The original QPDF is only required now when the source
QPDFObjectHandle is a stream that gets its stream data from a
QPDFObjectHandle::StreamDataProvider.
2019-01-07 00:11:15 -05:00
Jay Berkenbilt
fbbb0ee016 Make a static version of QPDF::pipeStreamData
This is in preparation of being able to pipe a stream's data without
keeping a copy of its containing qpdf object.
2019-01-07 00:11:15 -05:00
Jay Berkenbilt
7588cac295 Create an application-scope unique ID for each QPDF object
Use this instead of QPDF* as a map key for object_copiers.
2019-01-07 00:11:15 -05:00
Jay Berkenbilt
e27ac682e0 Move encryption parameters into a class 2019-01-06 09:58:16 -05:00
Jay Berkenbilt
837dcf8fc2 Don't call assert while checking linearization data (fixes #209, #231)
Instead of calling assert for problems found during checking
linearization data, throw an exception which is later caught and
issued as an error. Ideally we would handle errors more robustly, but
this is still a significant improvement.
2019-01-04 11:55:42 -05:00
Jay Berkenbilt
a01359189b Fix dangling references (fixes #240)
On certain operations, such as iterating through all objects and
adding new indirect objects, walk through the entire object structure
and explicitly resolve any indirect references to non-existent
objects. That prevents new objects from springing into existence and
causing the previously dangling references to point to them.
2019-01-04 10:29:29 -05:00
Jay Berkenbilt
3e74916c5a Fix seg fault on empty xref stream (fixes #263)
Thanks to @p-cher for supplying a patch.
2019-01-03 09:17:43 -05:00
Jay Berkenbilt
6ee761fc86 Prepare 8.2.1 release 2018-08-18 10:56:19 -04:00
Jay Berkenbilt
5e9e17e62a Prepare 8.2.0 release 2018-08-16 11:53:10 -04:00
Jay Berkenbilt
1bd2a2e79b Prepare 8.1.0 release 2018-06-23 07:50:11 -04:00
Jay Berkenbilt
2a82f6e1e0 Add method to get count of objects in QPDF 2018-06-22 15:53:40 -04:00
Jay Berkenbilt
f8c8e4dcc0 Prepare 8.0.2 release 2018-03-06 11:34:07 -05:00
Jay Berkenbilt
ee44aef8d0 Treat loop in xref tables as damage (fixes #192)
Prior to this fix, if there was a loop detected in following /Prev
pointers in xref streams/tables, it would cause qpdf to lose data.
Note that this condition causes many PDF readers to hang or fail.
2018-03-05 14:26:58 -05:00
Jay Berkenbilt
6fe1e9de40 Prepare 8.0.1 release 2018-03-04 07:16:20 -05:00
Jay Berkenbilt
3e8b643ae3 Release 8.0.0 2018-02-25 16:00:11 -05:00
Jay Berkenbilt
111ec50950 8.0.rc3 2018-02-25 14:17:59 -05:00
Jay Berkenbilt
d3d3970cf6 8.0.rc2 2018-02-25 13:50:22 -05:00
Jay Berkenbilt
a16d703f4d Update version to 8.0.rc1
This is for testing the release process, particularly as it pertains
to AppImage creation.
2018-02-25 09:03:27 -05:00
Jay Berkenbilt
82cae01a76 Bump version number and soname
Bump to an alpha release. This version is not being widely released
but is being used to push the new shared library version through the
debian packaging system and to test out github releases.
2018-02-20 21:31:38 -05:00
Jay Berkenbilt
d0e99f195a More robust handling of type errors
Give objects descriptions and context so it is possible to issue
warnings instead of fatal errors for attempts to access objects of the
wrong type.
2018-02-18 21:06:27 -05:00
Jay Berkenbilt
52e024f701 Include omitted object description in error message 2018-02-18 21:06:27 -05:00