Avoid resolving arguments to R

When checking two objects preceding R while parsing, ensure that the objects are direct. This avoids stuff like 1 0 obj containing 1 0 R 0 R from causing an infinite loop in object resolution.
author: Jay Berkenbilt <ejb@ql.org> 2015-02-21 23:40:41 +0100
committer: Jay Berkenbilt <ejb@ql.org> 2015-02-21 23:51:08 +0100
commit: c729e07d55c870e7e08f158f0a80a3d452c59cdc (patch)
tree: 2130876f9bf7f6ec45cc6bcaec75c921976ab317 /ChangeLog
parent: d8900c2255d12adbe9342ea751403740ca7a826d (diff)
download: qpdf-c729e07d55c870e7e08f158f0a80a3d452c59cdc.tar.zst
1 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 72cef333..c049bc3b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2015-02-21  Jay Berkenbilt  <ejb@ql.org>
+
+	* Ensure that arguments to "R" when parsing the file are direct
+	objects before trying to resolve them. This prevents specially
+	crafted files from causing qpdf to crash with a stack overflow.
+	Thanks to Gynvael Coldwind and Mateusz Jurczyk of the Google
+	Security Team for providing a sample file with this problem.
+
 2014-12-01  Jay Berkenbilt  <ejb@ql.org>
 
 	* Some broken PDF files lack the required /Type key for /Page and
author	Jay Berkenbilt <ejb@ql.org>	2015-02-21 23:40:41 +0100
committer	Jay Berkenbilt <ejb@ql.org>	2015-02-21 23:51:08 +0100
commit	c729e07d55c870e7e08f158f0a80a3d452c59cdc (patch)
tree	2130876f9bf7f6ec45cc6bcaec75c921976ab317 /ChangeLog
parent	d8900c2255d12adbe9342ea751403740ca7a826d (diff)
download	qpdf-c729e07d55c870e7e08f158f0a80a3d452c59cdc.tar.zst