authorJay Berkenbilt <ejb@ql.org>2019-01-03 15:16:53 +0100
committerJay Berkenbilt <ejb@ql.org>2019-01-03 15:17:43 +0100
commit3e74916c5a658d310c37b7dd73b0305c0d1e8ff9 (patch)
tree53662ac9879381f55224855b3583e60a0b36f12e
parentf78ea057ca766e083c53f1c0284944b96a42b1b8 (diff)
downloadqpdf-3e74916c5a658d310c37b7dd73b0305c0d1e8ff9.tar.zst
Fix seg fault on empty xref stream (fixes #263)
Thanks to @p-cher for supplying a patch.
-rw-r--r--libqpdf/QPDF.cc6
-rw-r--r--qpdf/qtest/qpdf.test1
-rw-r--r--qpdf/qtest/qpdf/issue-263.out38
-rw-r--r--qpdf/qtest/qpdf/issue-263.pdf5
4 files changed, 49 insertions, 1 deletions
diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
index 90caafe2..75ee1f13 100644
--- a/libqpdf/QPDF.cc
+++ b/libqpdf/QPDF.cc
@@ -1228,7 +1228,11 @@ QPDF::getObjectCount()
{
o1 = (*(this->m->obj_cache.rbegin())).first;
}
- QPDFObjGen o2 = (*(this->m->xref_table.rbegin())).first;
+ QPDFObjGen o2(0, 0);
+ if (! this->m->xref_table.empty())
+ {
+ o2 = (*(this->m->xref_table.rbegin())).first;
+ }
QTC::TC("qpdf", "QPDF indirect last obj from xref",
(o2.getObj() > o1.getObj()) ? 1 : 0);
return std::max(o1.getObj(), o2.getObj());
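Review bot: The new `if (! this->m->xref_table.empty())` guard has no comment saying when the table can be empty, so it reads as redundant defensive code that a later cleanup might drop; dereferencing `rbegin()` on an empty map is undefined behaviour, and the test input added in this commit suggests a damaged file can reach that state. I would add above the guard `// xref_table can be empty for a damaged file; rbegin() on an empty map must not be dereferenced`. With both containers empty the function now returns 0, so any caller that derives the next object id from this value is worth checking, though none is visible here. getObjectCount() starts and ends outside the hunk, so the matching guard for `o1` is inferred from the visible braces rather than seen.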
diff --git a/qpdf/qtest/qpdf.test b/qpdf/qtest/qpdf.test
index a7a9a9a7..743a56d8 100644
--- a/qpdf/qtest/qpdf.test
+++ b/qpdf/qtest/qpdf.test
@@ -450,6 +450,7 @@ my @bug_tests = (
["149", "xref prev pointer loop", 3],
["150", "integer overflow", 2],
["202", "even more deeply nested dictionary", 2],
+ ["263", "empty xref stream", 3],
);
$n_tests += scalar(@bug_tests);
foreach my $d (@bug_tests)
diff --git a/qpdf/qtest/qpdf/issue-263.out b/qpdf/qtest/qpdf/issue-263.out
new file mode 100644
index 00000000..97f5d057
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-263.out
@@ -0,0 +1,38 @@
+WARNING: issue-263.pdf: can't find PDF header
+WARNING: issue-263.pdf: file is damaged
+WARNING: issue-263.pdf: can't find startxref
+WARNING: issue-263.pdf: Attempting to reconstruct cross-reference table
+WARNING: issue-263.pdf (trailer, offset 66): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 75): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 79): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 82): unexpected )
+WARNING: issue-263.pdf (trailer, offset 83): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 87): unexpected >
+WARNING: issue-263.pdf (trailer, offset 89): unexpected dictionary close token
+WARNING: issue-263.pdf (trailer, offset 92): unexpected >
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake2
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake3
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake4
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake5
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake6
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake7
+WARNING: issue-263.pdf (trailer, offset 98): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 103): unexpected )
+WARNING: issue-263.pdf (trailer, offset 107): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 119): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 163): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 173): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 113): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 113): expected dictionary key but found non-name object; inserting key /QPDFFake2
+WARNING: issue-263.pdf (trailer, offset 113): dictionary ended prematurely; using null as value for last key
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake2
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake3
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake4
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake5
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake6
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake7
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake8
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake9
+qpdf: operation succeeded with warnings; resulting file may have some problems
diff --git a/qpdf/qtest/qpdf/issue-263.pdf b/qpdf/qtest/qpdf/issue-263.pdf
new file mode 100644
index 00000000..d6bf694c
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-263.pdf
@@ -0,0 +1,5 @@
+%PDFn
+trailer
+<</S10/Prev 5137/Root <<5 0 R/In-2476-247682085 0 R82085 0 Rfo R/I)D[<>>7>>8>]>>
+sbj 5) 0 obj <</Des<</4/Prtor 12>>/Filter/Flatode/ID[<07>]/Inf 0 R/Len50/R R/Size >>-247682085 -247682085 >>-247682085 0 R-247682085 -247682085 0 R26/Type/XRef/W[1 2 9]>>stream
+h \ No newline at end of file