From ac3c81a8edcb44e2669485630d6718c96a6ad6e9 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt
Date: Wed, 26 Jul 2017 06:19:19 -0400
Subject: Include tests for other infinite loop bugs fixes #117 fixes #118 fixes #119 fixes #120 Several other infinite loop bugs were fixed by previous changes. Include their test files in the test suite.
---
 ChangeLog | 4 ++++
 qpdf/qtest/qpdf.test | 6 +++++-
 qpdf/qtest/qpdf/issue-117.out | 6 ++++++
 qpdf/qtest/qpdf/issue-117.pdf | Bin 0 -> 2817 bytes
 qpdf/qtest/qpdf/issue-118.out | 2 ++
 qpdf/qtest/qpdf/issue-118.pdf | Bin 0 -> 806 bytes
 qpdf/qtest/qpdf/issue-119.out | 2 ++
 qpdf/qtest/qpdf/issue-119.pdf | Bin 0 -> 912 bytes
 qpdf/qtest/qpdf/issue-120.out | 2 ++
 qpdf/qtest/qpdf/issue-120.pdf | Bin 0 -> 785 bytes
 10 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 qpdf/qtest/qpdf/issue-117.out
 create mode 100644 qpdf/qtest/qpdf/issue-117.pdf
 create mode 100644 qpdf/qtest/qpdf/issue-118.out
 create mode 100644 qpdf/qtest/qpdf/issue-118.pdf
 create mode 100644 qpdf/qtest/qpdf/issue-119.out
 create mode 100644 qpdf/qtest/qpdf/issue-119.pdf
 create mode 100644 qpdf/qtest/qpdf/issue-120.out
 create mode 100644 qpdf/qtest/qpdf/issue-120.pdf
diff --git a/ChangeLog b/ChangeLog
index 613a0eaf..5be7129f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2017-07-26 Jay Berkenbilt
+ * Fixes to infinite loops below also fix problems reported in
+ other issues and cover CVE-2017-11624, CVE-2017-11625,
+ CVE-2017-11626, and CVE-2017-11627.
+
 * Don't attempt to interpret syntactic keywords (like R and endobj) found while parsing content streams.
diff --git a/qpdf/qtest/qpdf.test b/qpdf/qtest/qpdf.test
index c0207019..242ee149 100644
--- a/qpdf/qtest/qpdf.test
+++ b/qpdf/qtest/qpdf.test
@@ -206,7 +206,7 @@ $td->runtest("remove page we don't have",
 show_ntests();
 # ----------
 $td->notify("--- Miscellaneous Tests ---");
-$n_tests += 82;
+$n_tests += 86;
 $td->runtest("qpdf version",
 {$td->COMMAND => "qpdf --version"},
@@ -225,6 +225,10 @@ foreach my $d (
 ["99b", "object 0"],
 ["100","xref reconstruction loop"],
 ["101", "resolve for exception text"],
+ ["117", "other infinite loop"],
+ ["118", "other infinite loop"],
+ ["119", "other infinite loop"],
+ ["120", "other infinite loop"],
 ) {
 my ($n, $description) = @$d;
diff --git a/qpdf/qtest/qpdf/issue-117.out b/qpdf/qtest/qpdf/issue-117.out
new file mode 100644
index 00000000..46be2597
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-117.out
@@ -0,0 +1,6 @@
+WARNING: issue-117.pdf: file is damaged
+WARNING: issue-117.pdf: can't find startxref
+WARNING: issue-117.pdf: Attempting to reconstruct cross-reference table
+WARNING: issue-117.pdf (file position 66): loop detected resolving object 2 0
+WARNING: issue-117.pdf (object 2 0, file position 67): attempting to recover stream length
+attempt to make a stream into a direct object
diff --git a/qpdf/qtest/qpdf/issue-117.pdf b/qpdf/qtest/qpdf/issue-117.pdf
new file mode 100644
index 00000000..5fd8ee32
Binary files /dev/null and b/qpdf/qtest/qpdf/issue-117.pdf differ
diff --git a/qpdf/qtest/qpdf/issue-118.out b/qpdf/qtest/qpdf/issue-118.out
new file mode 100644
index 00000000..52fe67e9
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-118.out
@@ -0,0 +1,2 @@
+WARNING: issue-118.pdf (file position 732): loop detected resolving object 2 0
+issue-118.pdf (xref stream: object 8 0, file position 732): supposed object stream 2 is not a stream
diff --git a/qpdf/qtest/qpdf/issue-118.pdf b/qpdf/qtest/qpdf/issue-118.pdf
new file mode 100644
index 00000000..5dc05f6d
Binary files /dev/null and b/qpdf/qtest/qpdf/issue-118.pdf differ
diff --git a/qpdf/qtest/qpdf/issue-119.out b/qpdf/qtest/qpdf/issue-119.out
new file mode 100644
index 00000000..bc6ffb3e
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-119.out
@@ -0,0 +1,2 @@
+WARNING: issue-119.pdf (file position 336): loop detected resolving object 4 0
+issue-119.pdf (file position 298): dictionary key is not not a name token
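Review bot: The four entries added to the `foreach my $d` list in qpdf/qtest/qpdf.test are regression inputs for hangs, but nothing visible in this hunk bounds how long each run may take, so a regression would presumably stall the suite instead of reporting a failure. The loop body that runs qpdf on each file lies outside the hunk; it is worth confirming that the harness enforces a per-test time limit there. The entries also share the description `"other infinite loop"`, and a comment above them such as `# 117-120: inputs from the reports covered by CVE-2017-11624 through CVE-2017-11627 (see ChangeLog)` would record why they exist.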
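Review bot: The second expected line of issue-119.out pins a doubled word, `dictionary key is not not a name token`, so the golden file locks in what looks like a typo in the diagnostic. The message string itself is not part of this diff; if it is corrected in the library, this line has to change with it to `issue-119.pdf (file position 298): dictionary key is not a name token`. Otherwise a purely cosmetic fix to the message will show up as a failure of this regression test.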
diff --git a/qpdf/qtest/qpdf/issue-119.pdf b/qpdf/qtest/qpdf/issue-119.pdf
new file mode 100644
index 00000000..829ca7af
Binary files /dev/null and b/qpdf/qtest/qpdf/issue-119.pdf differ
diff --git a/qpdf/qtest/qpdf/issue-120.out b/qpdf/qtest/qpdf/issue-120.out
new file mode 100644
index 00000000..02f41135
--- /dev/null
+++ b/qpdf/qtest/qpdf/issue-120.out
@@ -0,0 +1,2 @@
+WARNING: issue-120.pdf (file position 85): loop detected resolving object 3 0
+issue-120.pdf (object 6 0, file position 85): supposed object stream 3 is not a stream
diff --git a/qpdf/qtest/qpdf/issue-120.pdf b/qpdf/qtest/qpdf/issue-120.pdf
new file mode 100644
index 00000000..fd8a5253
Binary files /dev/null and b/qpdf/qtest/qpdf/issue-120.pdf differ
-- cgit v1.2.3-70-g09d2