author | Jay Berkenbilt <ejb@ql.org> | 2019-08-29 04:48:55 +0200 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2019-08-29 05:06:32 +0200 |
commit | 0e51a9aca61dfc2cc44bf19a6ba23d423d7f204c (patch) | |
tree | dcf1e6472b962a10cc054b07770e27504999d7e6 | |
parent | bb3ae14f04e3d80992ae05de318e0ec7774fdedd (diff) | |
download | qpdf-0e51a9aca61dfc2cc44bf19a6ba23d423d7f204c.tar.zst |
Don't encrypt trailer, fixes fuzz issue 15983
Ordinarily the trailer doesn't contain any strings, so this is usually
a non-issue, but if the trailer contains strings, linearizing and
encrypting with object streams would include encrypted strings in the
trailer, which would blow out the padding because encrypted strings
are longer than their cleartext counterparts.
-rw-r--r-- | fuzz/qpdf_extra/15983.fuzz | bin | 0 -> 830412 bytes | |||
-rw-r--r-- | libqpdf/QPDFWriter.cc | 11 |
2 files changed, 9 insertions, 2 deletions
diff --git a/fuzz/qpdf_extra/15983.fuzz b/fuzz/qpdf_extra/15983.fuzz
Binary files differ
new file mode 100644
index 00000000..7e3366df
--- /dev/null
+++ b/fuzz/qpdf_extra/15983.fuzz
diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
index f5fa2bc9..116d493f 100644
--- a/libqpdf/QPDFWriter.cc
+++ b/libqpdf/QPDFWriter.cc
@@ -1341,7 +1341,11 @@ QPDFWriter::writeTrailer(trailer_e which, int size, bool xref_stream,
 qpdf_offset_t prev, int linearization_pass)
 {
 QPDFObjectHandle trailer = getTrimmedTrailer();
- if (! xref_stream)
+ if (xref_stream)
+ {
+ this->m->cur_data_key.clear();
+ }
+ else
 {
 writeString("trailer <<");
 }
@@ -3320,7 +3324,10 @@ QPDFWriter::writeLinearized()
 if (this->m->pipeline->getCount() != first_xref_end)
 {
 throw std::logic_error(
- "insufficient padding for first pass xref stream");
+ "insufficient padding for first pass xref stream; "
+ "first_xref_end=" +
+ QUtil::int_to_string(first_xref_end) +
+ "; endpos=" + QUtil::int_to_string(endpos));
 }
 }
 writeString("\n"); |
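Review bot: The added `this->m->cur_data_key.clear();` in writeTrailer changes encryption state with no comment saying why and nothing visible that restores it, so whether later objects are still encrypted depends on every subsequent write setting its own key before it emits strings. That is presumably what the object writer does, but it is not visible in this hunk, and a path that wrote a string-bearing object after the trailer without re-keying would put cleartext into an encrypted file. I would add a comment such as `// Trailer strings are never encrypted; clear the per-object key so they keep their cleartext length (later writes must set their own key).` The `else` branch relies on the key already being empty for a classic `trailer <<` section, which is worth confirming since the commit title covers both cases. writeTrailer's body continues outside the hunk.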
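Review bot: The extended message in writeLinearized reports `first_xref_end` and `endpos`, but the condition that fails compares `this->m->pipeline->getCount()`, and that value is not printed. `endpos` is defined outside the hunk and looks like a position captured before padding, so a fuzz crash report would show the inputs but not the actual mismatch. Appending `+ "; count=" + QUtil::int_to_string(this->m->pipeline->getCount())` before the closing parenthesis would make the exception self-explanatory when triaging.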