From 85f05cc57ffa0a863d9d9b23e73acea9410b2937 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Fri, 25 Aug 2017 19:58:31 -0400
Subject: Detect xref pointer infinite loop (fixes #149)

---
 libqpdf/QPDF.cc | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'libqpdf/QPDF.cc')

diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
index 27efdd55..86e798ee 100644
--- a/libqpdf/QPDF.cc
+++ b/libqpdf/QPDF.cc
@@ -491,8 +491,10 @@ void
 QPDF::read_xref(qpdf_offset_t xref_offset)
 {
     std::map<int, int> free_table;
+    std::set<qpdf_offset_t> visited;
     while (xref_offset)
     {
+        visited.insert(xref_offset);
         char buf[7];
         memset(buf, 0, sizeof(buf));
 	this->m->file->seek(xref_offset, SEEK_SET);
@@ -520,6 +522,10 @@ QPDF::read_xref(qpdf_offset_t xref_offset)
 	{
 	    xref_offset = read_xrefStream(xref_offset);
 	}
+        if (visited.count(xref_offset) != 0)
+        {
+            xref_offset = 0;
+        }
     }
 
     if (! this->m->trailer.isInitialized())
-- 
cgit v1.2.3-54-g00ecf