author | Jay Berkenbilt <ejb@ql.org> | 2019-08-28 15:32:58 +0200 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2019-08-28 18:49:04 +0200 |
commit | 47a38a942d34a65524dca2e1255c1b4ba02d7eb6 (patch) | |
tree | 9210e3bd1fd1618d2701a1270c638cf347cd9f5f /libqpdf/QPDFWriter.cc | |
parent | 15248aa54bdf31d5f149b8b0afd584b2a09ce222 (diff) | |
download | qpdf-47a38a942d34a65524dca2e1255c1b4ba02d7eb6.tar.zst |
Detect stream in object stream, fixing fuzz 16214
It's detected in QPDFWriter instead of at parse time because I can't
figure out how to construct a test case in a reasonable time. This
commit moves the fuzz file into the regular test suite for a QTC
coverage case.
Diffstat (limited to 'libqpdf/QPDFWriter.cc')
-rw-r--r-- | libqpdf/QPDFWriter.cc | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc index 895f98ce..f5fa2bc9 100644 --- a/libqpdf/QPDFWriter.cc +++ b/libqpdf/QPDFWriter.cc @@ -2012,7 +2012,19 @@ QPDFWriter::writeObjectStream(QPDFObjectHandle object) // pass 1. indicateProgress(true, false); } - writeObject(this->m->pdf.getObjectByObjGen(obj), count); + QPDFObjectHandle obj_to_write = + this->m->pdf.getObjectByObjGen(obj); + if (obj_to_write.isStream()) + { + // This condition occurred in a fuzz input. Ideally we + // should block it at at parse time, but it's not + // clear to me how to construct a case for this. + QTC::TC("qpdf", "QPDFWriter stream in ostream"); + obj_to_write.warnIfPossible( + "stream found inside object stream; treating as null"); + obj_to_write = QPDFObjectHandle::newNull(); + } + writeObject(obj_to_write, count); this->m->xref[new_obj] = QPDFXRefEntry(2, new_id, count); } |
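Review bot: the new `obj_to_write.isStream()` check in `QPDFWriter::writeObjectStream` guards only the write path, so any code that reads this object through `getObjectByObjGen` before or without writing still gets a stream that came from inside an object stream. The in-code comment already says parse time is the ideal place to block it; I would record that as a tracked follow-up rather than leave it as an open-ended remark, so the writer-side null substitution is not mistaken for the complete fix. Two smaller points in the same block: the comment reads "at at parse time" (duplicated word), and the warning text "stream found inside object stream; treating as null" does not name the affected object. If `warnIfPossible` does not already attach the object's identity, adding `obj` to the message would make the warning usable when triaging a malformed or hostile file. The substitution itself looks right for keeping `count` and the `QPDFXRefEntry(2, new_id, count)` bookkeeping consistent, since an entry is still written for the slot.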