-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | fuzz/qpdf_extra/26761.fuzz | bin | 0 -> 793 bytes | |||
-rw-r--r-- | libqpdf/QPDFWriter.cc | 3 |
3 files changed, 6 insertions, 1 deletions
@@ -1,5 +1,9 @@ 2020-10-31 Jay Berkenbilt <ejb@ql.org> + * Don't enter extension initialization in QPDFWriter on a direct + object. Fixes stack overflow in pathological case of /Root being a + direct object (fuzz issue 26761). + * My previous fix to #449 (handling foreign streams with indirect objects in /Filter and/or /DecodeParms) was incorrect and caused other problems. There is a now a correct fix to the original diff --git a/fuzz/qpdf_extra/26761.fuzz b/fuzz/qpdf_extra/26761.fuzz Binary files differnew file mode 100644 index 00000000..c565895c --- /dev/null +++ b/fuzz/qpdf_extra/26761.fuzz diff --git a/libqpdf/QPDFWriter.cc b/libqpdf/QPDFWriter.cc index ba19cbb9..fcf272f6 100644 --- a/libqpdf/QPDFWriter.cc +++ b/libqpdf/QPDFWriter.cc @@ -1537,7 +1537,8 @@ QPDFWriter::unparseObject(QPDFObjectHandle object, int level, bool have_extensions_adbe = false; QPDFObjectHandle extensions; - if (old_og == this->m->pdf.getRoot().getObjGen()) + if ((old_og.getObj() != 0) && + (old_og == this->m->pdf.getRoot().getObjGen())) { is_root = true; if (object.hasKey("/Extensions") && |
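Review bot: The new `old_og.getObj() != 0` guard on the `if` just before `is_root = true` is a bare sentinel comparison with no comment saying why an object number of zero must be excluded, so the recursion it prevents is invisible to the next reader of this condition. Presumably a direct object carries ObjGen (0,0), so when /Root is itself a direct object every direct object being unparsed compared equal to the root's ObjGen and re-entered the /Extensions handling until the stack overflowed; a comment such as `// A direct object has obj number 0; if /Root is itself direct, every direct object would otherwise match it here and recurse (fuzz issue 26761)` would keep that reasoning next to the check. It is also worth stating in that comment that a file whose /Root is direct now never takes the `is_root` branch at all, since that looks intentional rather than accidental. The enclosing QPDFWriter::unparseObject starts and ends outside the hunk.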