Detect stream in object stream, fixing fuzz 16214

It's detected in QPDFWriter instead of at parse time because I can't
figure out how to construct a test case in a reasonable time. This
commit moves the fuzz file into the regular test suite for a QTC
coverage case.

1 files changed, 13 insertions, 1 deletions

diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc
index 895f98ce..f5fa2bc9 100644
--- a/libqpdf/QPDFWriter.cc
+++ b/libqpdf/QPDFWriter.cc
@@ -2012,7 +2012,19 @@ QPDFWriter::writeObjectStream(QPDFObjectHandle object)
                 // pass 1.
                 indicateProgress(true, false);
 	    }
-	    writeObject(this->m->pdf.getObjectByObjGen(obj), count);
+            QPDFObjectHandle obj_to_write =
+                this->m->pdf.getObjectByObjGen(obj);
+            if (obj_to_write.isStream())
+            {
+                // This condition occurred in a fuzz input. Ideally we
+                // should block it at at parse time, but it's not
+                // clear to me how to construct a case for this.
+                QTC::TC("qpdf", "QPDFWriter stream in ostream");
+                obj_to_write.warnIfPossible(
+                    "stream found inside object stream; treating as null");
+                obj_to_write = QPDFObjectHandle::newNull();
+            }
+	    writeObject(obj_to_write, count);
 
 	    this->m->xref[new_obj] = QPDFXRefEntry(2, new_id, count);
 	}