From 3e74916c5a658d310c37b7dd73b0305c0d1e8ff9 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt
Date: Thu, 3 Jan 2019 09:16:53 -0500
Subject: Fix seg fault on empty xref stream (fixes #263)

Thanks to @p-cher for supplying a patch.
---
libqpdf/QPDF.cc | 6 +++++-
qpdf/qtest/qpdf.test | 1 +
qpdf/qtest/qpdf/issue-263.out | 38 ++++++++++++++++++++++++++++++++++++++
qpdf/qtest/qpdf/issue-263.pdf | 5 +++++
4 files changed, 49 insertions(+), 1 deletion(-)
create mode 100644 qpdf/qtest/qpdf/issue-263.out
create mode 100644 qpdf/qtest/qpdf/issue-263.pdf
diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
index 90caafe2..75ee1f13 100644
--- a/libqpdf/QPDF.cc
+++ b/libqpdf/QPDF.cc
@@ -1228,7 +1228,11 @@ QPDF::getObjectCount()
 {
 o1 = (*(this->m->obj_cache.rbegin())).first;
 }
- QPDFObjGen o2 = (*(this->m->xref_table.rbegin())).first;
+ QPDFObjGen o2(0, 0);
+ if (! this->m->xref_table.empty())
+ {
+ o2 = (*(this->m->xref_table.rbegin())).first;
+ }
 QTC::TC("qpdf", "QPDF indirect last obj from xref",
 (o2.getObj() > o1.getObj()) ? 1 : 0);
 return std::max(o1.getObj(), o2.getObj());
diff --git a/qpdf/qtest/qpdf.test b/qpdf/qtest/qpdf.test
index a7a9a9a7..743a56d8 100644
--- a/qpdf/qtest/qpdf.test
+++ b/qpdf/qtest/qpdf.test
@@ -450,6 +450,7 @@ my @bug_tests = (
 ["149", "xref prev pointer loop", 3],
 ["150", "integer overflow", 2],
 ["202", "even more deeply nested dictionary", 2],
+ ["263", "empty xref stream", 3],
 );
 $n_tests += scalar(@bug_tests);
 foreach my $d (@bug_tests)
diff --git a/qpdf/qtest/qpdf/issue-263.out b/qpdf/qtest/qpdf/issue-263.out
new file mode 100644
index 00000000..97f5d057
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-263.out
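Review bot: The new `if (! this->m->xref_table.empty())` guard in QPDF::getObjectCount() carries no comment saying why the table can be empty, even though the line it replaces dereferenced `rbegin()` on an empty container, which is undefined behaviour reachable from a malformed input file. I would add above the guard: `// xref_table may be empty for a damaged file (issue #263); rbegin() must not be dereferenced on an empty container.` When obj_cache is empty as well, the function now returns 0, so callers that derive an object number from the result are worth checking for that value; they are not visible in this hunk. Other unguarded `rbegin()`/`begin()` dereferences of xref_table elsewhere in the file, if any exist, would need the same check. The function body starts before the hunk.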
@@ -0,0 +1,38 @@
+WARNING: issue-263.pdf: can't find PDF header
+WARNING: issue-263.pdf: file is damaged
+WARNING: issue-263.pdf: can't find startxref
+WARNING: issue-263.pdf: Attempting to reconstruct cross-reference table
+WARNING: issue-263.pdf (trailer, offset 66): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 75): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 79): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 82): unexpected )
+WARNING: issue-263.pdf (trailer, offset 83): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 87): unexpected >
+WARNING: issue-263.pdf (trailer, offset 89): unexpected dictionary close token
+WARNING: issue-263.pdf (trailer, offset 92): unexpected >
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake2
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake3
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake4
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake5
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake6
+WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake7
+WARNING: issue-263.pdf (trailer, offset 98): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 103): unexpected )
+WARNING: issue-263.pdf (trailer, offset 107): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 119): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 163): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 173): unknown token while reading object; treating as string
+WARNING: issue-263.pdf (trailer, offset 113): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 113): expected dictionary key but found non-name object; inserting key /QPDFFake2
+WARNING: issue-263.pdf (trailer, offset 113): dictionary ended prematurely; using null as value for last key
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake1
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake2
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake3
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake4
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake5
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake6
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake7
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake8
+WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake9
+qpdf: operation succeeded with warnings; resulting file may have some problems
diff --git a/qpdf/qtest/qpdf/issue-263.pdf b/qpdf/qtest/qpdf/issue-263.pdf
new file mode 100644
index 00000000..d6bf694c
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-263.pdf
@@ -0,0 +1,5 @@
+%PDFn
+trailer
+<>7>>8>]>>
+sbj 5) 0 obj <>/Filter/Flatode/ID[<07>]/Inf 0 R/Len50/R R/Size >>-247682085 -247682085 >>-247682085 0 R-247682085 -247682085 0 R26/Type/XRef/W[1 2 9]>>stream
+h
\ No newline at end of file
-- cgit v1.2.3-54-g00ecf