author | Jay Berkenbilt <ejb@ql.org> | 2017-07-25 16:13:30 +0200 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2017-07-26 12:24:07 +0200 |
commit | 603f222365252f1a1e20303b3dbe52466be3053b (patch) | |
tree | 7b3244c9282af1aa37f9c70905ab9b8a70f7ba94 /libqpdf/QPDFObjectHandle.cc | |
parent | bd6c8456190af148c9f40806f3a6f561a3c38a53 (diff) | |
download | qpdf-603f222365252f1a1e20303b3dbe52466be3053b.tar.zst |
Fix infinite loop while reporting an error (fixes #101)
This is CVE-2017-9210.
The description string for an error message included unparsing an
object, which is too complex of a thing to try to do while throwing an
exception. There was only one example of this in the entire codebase,
so it is not a pervasive problem. Fixing this eliminated one class of
infinite loop errors.
Diffstat (limited to 'libqpdf/QPDFObjectHandle.cc')
-rw-r--r-- | libqpdf/QPDFObjectHandle.cc | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/libqpdf/QPDFObjectHandle.cc b/libqpdf/QPDFObjectHandle.cc index 64a4e3c3..687ba439 100644 --- a/libqpdf/QPDFObjectHandle.cc +++ b/libqpdf/QPDFObjectHandle.cc @@ -1076,8 +1076,7 @@ QPDFObjectHandle::parseInternal(PointerHolder<InputSource> input, throw QPDFExc( qpdf_e_damaged_pdf, input->getName(), object_description, offset, - std::string("dictionary key not name (") + - key_obj.unparse() + ")"); + std::string("dictionary key is not not a name token")); } dict[key_obj.getName()] = val; } |
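Review bot: the added line's message reads "dictionary key is not not a name token", with "not" doubled; it should be "dictionary key is not a name token". The string is now a plain literal with nothing concatenated onto it, so the std::string(...) wrapper that the old two-line expression needed may no longer be necessary if the QPDFExc message parameter accepts a literal directly. With key_obj.unparse() removed, the message no longer shows the offending key, which leaves the offset argument passed just before it as the only locator in the error. That trade-off is reasonable given the commit message, but a regression test that feeds a dictionary with a non-name key and checks that this exception is thrown would keep the loop from #101 from coming back.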