diff options
| author | Jay Berkenbilt <ejb@ql.org> | 2021-02-10 22:26:32 +0100 |
|---|---|---|
| committer | Jay Berkenbilt <ejb@ql.org> | 2021-02-10 22:27:44 +0100 |
| commit | 9fcf61b2f6e9f6670c5ef7103242b4640712dd4f (patch) | |
| tree | 26183aa43750f3d2b8092db3fc4e4092ef88a88c | |
| parent | 4d1f2fdcac8ee8734be02f2c2389c587bc3fc474 (diff) | |
| download | qpdf-9fcf61b2f6e9f6670c5ef7103242b4640712dd4f.tar.zst | |
Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507)
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | fuzz/qpdf_extra/30507.fuzz | bin | 0 -> 9548 bytes | |||
| -rw-r--r-- | libqpdf/QPDFOutlineDocumentHelper.cc | 7 |
3 files changed, 10 insertions, 0 deletions
@@ -1,5 +1,8 @@ 2021-02-10 Jay Berkenbilt <ejb@ql.org> + * Detect loops when adding when reading outlines dictionary upon + initialization of QPDFOutlineDocumentHelper (fuzz issue 30507). + * Add "attachments" as an additional json key, and add some information about attachments to the json output. diff --git a/fuzz/qpdf_extra/30507.fuzz b/fuzz/qpdf_extra/30507.fuzz Binary files differnew file mode 100644 index 00000000..e8c28d04 --- /dev/null +++ b/fuzz/qpdf_extra/30507.fuzz diff --git a/libqpdf/QPDFOutlineDocumentHelper.cc b/libqpdf/QPDFOutlineDocumentHelper.cc index 85aff76b..b5b82a29 100644 --- a/libqpdf/QPDFOutlineDocumentHelper.cc +++ b/libqpdf/QPDFOutlineDocumentHelper.cc @@ -24,8 +24,15 @@ QPDFOutlineDocumentHelper::QPDFOutlineDocumentHelper(QPDF& qpdf) : return; } QPDFObjectHandle cur = outlines.getKey("/First"); + std::set<QPDFObjGen> seen; while (! cur.isNull()) { + auto og = cur.getObjGen(); + if (seen.count(og)) + { + break; + } + seen.insert(og); this->m->outlines.push_back( QPDFOutlineObjectHelper::Accessor::create(cur, *this, 1)); cur = cur.getKey("/Next"); |