Fix bugs found by fuzz tests

* Several assertions in linearization were not always true; change them to run time errors * Handle a few cases of uninitialized objects * Handle pages with no contents when doing form operations * Handle invalid page tree nodes when traversing pages
author: Jay Berkenbilt <ejb@ql.org> 2019-06-21 23:37:33 +0200
committer: Jay Berkenbilt <ejb@ql.org> 2019-06-21 23:56:24 +0200
commit: b07ad6794eea175ee7f4b8c505995bdb4f397ce6 (patch)
tree: 43ca23b83e514e7f1f2c362cfc1b6ca21c21593e /libqpdf/QPDF_optimization.cc
parent: a35d4ce9ccb3eb5903df3d221fdfd9a0d1fb5c37 (diff)
download: qpdf-b07ad6794eea175ee7f4b8c505995bdb4f397ce6.tar.zst
1 files changed, 8 insertions, 0 deletions
diff --git a/libqpdf/QPDF_optimization.cc b/libqpdf/QPDF_optimization.cc
index 3394836c..afa7ccbd 100644
--- a/libqpdf/QPDF_optimization.cc
+++ b/libqpdf/QPDF_optimization.cc
@@ -195,6 +195,14 @@ QPDF::pushInheritedAttributesToPageInternal(
     }
     visited.insert(this_og);
 
+    if (! cur_pages.isDictionary())
+    {
+	throw QPDFExc(qpdf_e_damaged_pdf, this->m->file->getName(),
+		      this->m->last_object_description,
+		      this->m->file->getLastOffset(),
+		      "invalid object in page tree");
+    }
+
     // Extract the underlying dictionary object
     std::string type = cur_pages.getKey("/Type").getName();
author	Jay Berkenbilt <ejb@ql.org>	2019-06-21 23:37:33 +0200
committer	Jay Berkenbilt <ejb@ql.org>	2019-06-21 23:56:24 +0200
commit	b07ad6794eea175ee7f4b8c505995bdb4f397ce6 (patch)
tree	43ca23b83e514e7f1f2c362cfc1b6ca21c21593e /libqpdf/QPDF_optimization.cc
parent	a35d4ce9ccb3eb5903df3d221fdfd9a0d1fb5c37 (diff)
download	qpdf-b07ad6794eea175ee7f4b8c505995bdb4f397ce6.tar.zst