diff options
| author | Jay Berkenbilt <ejb@ql.org> | 2017-08-22 16:24:19 +0200 |
|---|---|---|
| committer | Jay Berkenbilt <ejb@ql.org> | 2017-08-22 20:13:10 +0200 |
| commit | fabff0f3ec571b8dc423946e252c060e229c49d7 (patch) | |
| tree | 6aba218b998e0f1bb2928e21d6426352cfdcc072 /include | |
| parent | caf5e39c2e68553101519fb4ce3664a73032d3a3 (diff) | |
| download | qpdf-fabff0f3ec571b8dc423946e252c060e229c49d7.tar.zst | |
Limit token length during xref recovery
While scanning the file looking for objects, limit the length of
tokens we allow. This prevents us from getting caught up in reading a
file character by character while digging through large streams.
Diffstat (limited to 'include')
| -rw-r--r-- | include/qpdf/QPDF.hh | 3 | ||||
| -rw-r--r-- | include/qpdf/QPDFTokenizer.hh | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/include/qpdf/QPDF.hh b/include/qpdf/QPDF.hh index 72e02754..e3cd24b6 100644 --- a/include/qpdf/QPDF.hh +++ b/include/qpdf/QPDF.hh @@ -671,7 +671,8 @@ class QPDF PointerHolder<InputSource> input, int objid, int generation, qpdf_offset_t stream_offset); QPDFTokenizer::Token readToken(PointerHolder<InputSource>, - bool allow_bad = false); + bool allow_bad = false, + size_t max_len = 0); QPDFObjectHandle readObjectAtOffset( bool attempt_recovery, diff --git a/include/qpdf/QPDFTokenizer.hh b/include/qpdf/QPDFTokenizer.hh index e24b7c43..23f7910d 100644 --- a/include/qpdf/QPDFTokenizer.hh +++ b/include/qpdf/QPDFTokenizer.hh @@ -139,7 +139,8 @@ class QPDFTokenizer QPDF_DLL Token readToken(PointerHolder<InputSource> input, std::string const& context, - bool allow_bad = false); + bool allow_bad = false, + size_t max_len = 0); private: void reset(); |