diff options
author | Jay Berkenbilt <ejb@ql.org> | 2015-02-21 23:40:41 +0100 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2015-02-21 23:51:08 +0100 |
commit | c729e07d55c870e7e08f158f0a80a3d452c59cdc (patch) | |
tree | 2130876f9bf7f6ec45cc6bcaec75c921976ab317 /ChangeLog | |
parent | d8900c2255d12adbe9342ea751403740ca7a826d (diff) | |
download | qpdf-c729e07d55c870e7e08f158f0a80a3d452c59cdc.tar.zst |
Avoid resolving arguments to R
When checking two objects preceding R while parsing, ensure that the
objects are direct. This avoids stuff like 1 0 obj containing 1 0 R 0 R
from causing an infinite loop in object resolution.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- | ChangeLog | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -1,3 +1,11 @@ +2015-02-21 Jay Berkenbilt <ejb@ql.org> + + * Ensure that arguments to "R" when parsing the file are direct + objects before trying to resolve them. This prevents specially + crafted files from causing qpdf to crash with a stack overflow. + Thanks to Gynvael Coldwind and Mateusz Jurczyk of the Google + Security Team for providing a sample file with this problem. + 2014-12-01 Jay Berkenbilt <ejb@ql.org> * Some broken PDF files lack the required /Type key for /Page and |