aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2015-05-24Update TODO with some small enhancementsJay Berkenbilt
There have been a few enhancements requested that only affect the qpdf command line tool and that should be relatively quick to implement. Work out the details and acknowledge these publicly in the TODO file.
2015-02-22Detect loops in /Pages structureJay Berkenbilt
Pushing inherited objects to pages and getting all pages were both prone to stack overflow infinite loops if there were loops in the Pages dictionary. There is a general weakness in the code in that any part of the code that traverses the Pages structure would be prone to this and would have to implement its own loop detection. A more robust fix may provide some general method for handling the Pages structure, but it's probably not worth doing. Note: addition of *Internal2 private functions was done rather than changing signatures of existing methods to avoid breaking compatibility.
2015-02-21Avoid buffer overrun copying digestJay Berkenbilt
Converting a password to an encryption key is supposed to copy up to a certain number of bytes from a digest. Make sure never to copy more than the size of the digest.
2015-02-21Avoid resolving arguments to RJay Berkenbilt
When checking two objects preceding R while parsing, ensure that the objects are direct. This avoids stuff like 1 0 obj containing 1 0 R 0 R from causing an infinite loop in object resolution.
2014-12-29Handle page tree node with no /TypeJay Berkenbilt
Original reported here: https://bugs.launchpad.net/ubuntu/+source/qpdf/+bug/1397413 The PDF specification says that the /Type key for nodes in the pages dictionary (both /Page and /Pages) is required, but some PDF files omit them. Use the presence of other keys to determine the type of pages tree node this is if the type key is not found.
2014-11-14Handle pages with no /Contents from getPageContents()Jay Berkenbilt
The spec allows /Contents to be omitted for pages that are blank, but QPDFObjectHandle::getPageContents() was throwing an exception in this case.
2014-06-07Prepare 5.1.2 releaserelease-qpdf-5.1.2Jay Berkenbilt
2014-06-07Windows build (msvc): target Windows 5.0.1 (XP)Jay Berkenbilt
Without this, qpdf executables work only on Vista or newer. Fixes #35
2014-06-07Ignore some files created by MSVCJay Berkenbilt
2014-06-07Ignore external-libs directoryJay Berkenbilt
Used during creation of Windows releases
2014-06-07Example: fast split into single pagesJay Berkenbilt
This is faster than using qpdf --pages to do it.
2014-06-07Handle indirect stream filter/decode parametersJay Berkenbilt
QPDFWriter was trying to make /Filter and /DecodeParms direct in all cases, but there are some cases where /DecodeParms may refer to a stream, which can't be direct. QPDFWriter doesn't actually need /DecodeParms to be direct in that case because it won't be able to filter the stream. Until we can handle this type of stream, just don't make /Filter and /DecodeParms direct if we can't filter the stream anyway. Fixes #34
2014-02-23Fix calculation of xref stream stream columnsJay Berkenbilt
Fix problem: if the last object in the first part of a linearized file had an offset that was below 65536 by less than the size of the hint stream, the xref stream was invalid and the resulting file is not usable.
2014-01-14Prepare 5.1.1 releaserelease-qpdf-5.1.1Jay Berkenbilt
2014-01-14Update Copyright to 2014Jay Berkenbilt
2013-12-26Avoid traversing same object twice when copying objectsJay Berkenbilt
This is a performance fix. The output is unchanged. Fixes #28.
2013-12-17Prepare 5.1.0 releaserelease-qpdf-5.1.0Jay Berkenbilt
2013-12-16Remove needless #ifdef _WIN32 from getWhoamiJay Berkenbilt
2013-12-16Increase random data provider supportJay Berkenbilt
Add a method to get the current random data provider, and document and test the method for resetting it.
2013-12-15TODO note on pluggable filtersJay Berkenbilt
2013-12-14Comments about incremental update supportJay Berkenbilt
Also remove some trivial, non-functional code.
2013-12-14Retarget 5.1.0 changes to 5.2.0Jay Berkenbilt
2013-12-14Allow OS-provided secure random to be disabledJay Berkenbilt
2013-12-14Refactor random data generationJay Berkenbilt
Add new RandomDataProvider object and implement existing random number generation in terms of that. This enables end users to supply their own random data providers.
2013-12-14Allow arbitrary whitespace, not just newline, after xrefJay Berkenbilt
Fixes #27.
2013-12-14Update lastOffset when readingJay Berkenbilt
2013-11-30Allow -DNO_GET_ENVIRONMENT to avoid GetEnvironmentVariableJay Berkenbilt
If NO_GET_ENVIRONMENT is #defined at compile time on Windows, do not call GetEnvironmentVariable. QUtil::get_env will always return false. This option is not available through configure. This was added to support a specific user's requirements to avoid calling GetEnvironmentVariable from the Windows API. Nothing in qpdf outside the test coverage system in qtest relies on QUtil::get_env.
2013-11-30Add /FS flag (msvc) for parallel buildsJay Berkenbilt
2013-11-30Add more detail to previous ChangeLog entryJay Berkenbilt
2013-11-29Include <algorithm> for std::min, std::maxJay Berkenbilt
2013-11-21Use 8 bit per sample images in testsJay Berkenbilt
In compare image tests, use the gs device tiff24nc instead of tiff12nc since the 4 bit per sample images created by tiff12nc could sometimes trigger a bug in tiffcmp. Fixes #20.
2013-11-21Add a ChangeLog note for previous fixJay Berkenbilt
2013-10-29Add missing #include of <string>Jay Berkenbilt
2013-10-18Prepare for 5.0.1 releaserelease-qpdf-5.0.1Jay Berkenbilt
2013-10-18Instructions for building from pristine checkoutJay Berkenbilt
2013-10-18Warn when -accessibility=n will be ignoredJay Berkenbilt
Also accept -accessibility=n with 256 bit keys even though it will be ignored.
2013-10-18Security: replace operator[] with atJay Berkenbilt
For std::string and std::vector, replace operator[] with at. This was done using an automated process. See README.hardening for details.
2013-10-18Security: use a secure random number generatorJay Berkenbilt
If not available, give an error. The user may also configure qpdf to use an insecure random number generator.
2013-10-10Pass additional arguments from Windows config wrappersJay Berkenbilt
2013-10-10Replace some assertions with std::logic_errorJay Berkenbilt
Ideally, the library should never call assert outside of test code, but it does in several places. For some cases where the assertion might conceivably fail because of a problem with the input data, replace assertions with exceptions so that they can be trapped by the calling application. This commit surely misses some cases and replaced some cases unnecessarily, but it should still be an improvement.
2013-10-10Security: avoid pre-allocating vectors based on file dataJay Berkenbilt
In places where std::vector<T>(size_t) was used, either validate that the size parameter is sane or refactor code to avoid the need to pre-allocate the vector.
2013-10-10Security: sanitize /W in xref streamJay Berkenbilt
The /W array was not sanitized, possibly causing an integer overflow in a multiplication. An analysis of the code suggests that there were no possible exploits based on this since the problems were in checking expected values but bounds checks were performed on actual values.
2013-10-10Security: better bounds checks for linearization dataJay Berkenbilt
The faulty code was only used during explicit checks of linearization data. Those checks are not part of normal reading or writing of PDF files.
2013-10-10Security: handle empty name in normalizeNameJay Berkenbilt
2013-10-10Security: fix potential multiplication overflowJay Berkenbilt
Better sanity check inputs to bit stream reader
2013-10-10Security: keep cur_byte pointing into bytes arrayJay Berkenbilt
2013-07-20Note about extra hash_V5 callsJay Berkenbilt
2013-07-10Prepare 5.0.0 releaserelease-qpdf-5.0.0Jay Berkenbilt
2013-07-10Update valgrid suppressionsJay Berkenbilt
2013-07-10Update doc for 5.0.0Jay Berkenbilt