Age | Commit message (Collapse) | Author |
|
There is no need for a --precheck-streams option. We can do the
precheck without imposing any penalty, only re-encoding the stream if
it fails the first time.
|
|
This commit adds several API methods that enable control over which
types of filters QPDF will attempt to decode. It also adds support for
/RunLengthDecode and /DCTDecode filters for both encoding and
decoding.
|
|
Additional testing is added in later commits to be supported by
additional changes in the library.
|
|
|
|
|
|
|
|
Add a newline unconditionally before endstream even if a newline was
already written as part of the stream data.
|
|
Bad /W in an xref stream could cause a division by zero error. Now
this is handled as a special case.
|
|
|
|
Rather than checking consistency of libqpdf.map, generate it.
|
|
The build now checks to make sure libqpdf.map has the right library
version number in it.
|
|
|
|
Also accept more errors than before.
|
|
|
|
Eliminate PCRE and find endobj not preceded by endstream. Be more lax
about placement of endstream and endobj.
|
|
|
|
|
|
|
|
|
|
Preparing to refactor some pattern searching code to use these instead
of their own memchr loops. This should simplify the code that replaces
PCRE.
|
|
Sometimes we want to ignore bad tokens rather than having them throw
an exception. A coverage case is commented out here and added in a
later commit.
|
|
|
|
Required for strtol()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
When parsing content streams, allow content to be split arbitrarily
across stream boundaries.
|
|
|
|
The code was using 1.0, but we use /FlateDecode, which didn't appear
until 1.2.
|
|
|
|
Very badly corrupted files may not have a retrievable root dictionary.
Handle that as a special case so that a more helpful error message can
be provided.
|
|
When requested, QPDFWriter will do more aggress prechecking of streams
to make sure it can actually succeed in decoding them before
attempting to do so. This will allow preservation of raw data even
when the raw data is corrupted relative to the specified filters.
|
|
|
|
|
|
QPDFObjectHandle::parseInternal now issues warnings instead of
throwing exceptions for all error conditions that it finds (except
internal logic errors) and has stronger recovery for things like
invalid tokens and malformed dictionaries. This should improve qpdf's
ability to recover from a wide range of broken files that currently
cause it to fail.
|
|
|
|
|
|
For cross compiling.
|
|
|
|
During parsing of an object, sometimes parts of the object have to be
resolved. An example is stream lengths. If such an object directly or
indirectly points to the object being parsed, it can cause an infinite
loop. Guard against all cases of re-entrant resolution of objects.
|
|
This is CVE-2017-9208.
The QPDF library uses object ID 0 internally as a sentinel to
represent a direct object, but prior to this fix, was not blocking
handling of 0 0 obj or 0 0 R as a special case. Creating an object in
the file with 0 0 obj could cause various infinite loops. The PDF spec
doesn't allow for object 0. Having qpdf handle object 0 might be a
better fix, but changing all the places in the code that assumes objid
== 0 means direct would be risky.
|
|
This is CVE-2017-9209.
|
|
This is CVE-2017-9210.
The description string for an error message included unparsing an
object, which is too complex of a thing to try to do while throwing an
exception. There was only one example of this in the entire codebase,
so it is not a pervasive problem. Fixing this eliminated one class of
infinite loop errors.
|
|
The 64 Bit file functions are supported by C++-Builder as well and
need to be used, else fseek will error out on larger files than 4 GB
like used in the large file test.
|
|
|
|
Also update maintainer documentation on binary compatibility testing.
|