From 603f222365252f1a1e20303b3dbe52466be3053b Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Tue, 25 Jul 2017 10:13:30 -0400 Subject: Fix infinite loop while reporting an error (fixes #101) This is CVE-2017-9210. The description string for an error message included unparsing an object, which is too complex of a thing to try to do while throwing an exception. There was only one example of this in the entire codebase, so it is not a pervasive problem. Fixing this eliminated one class of infinite loop errors. --- libqpdf/QPDFObjectHandle.cc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'libqpdf/QPDFObjectHandle.cc') diff --git a/libqpdf/QPDFObjectHandle.cc b/libqpdf/QPDFObjectHandle.cc index 64a4e3c3..687ba439 100644 --- a/libqpdf/QPDFObjectHandle.cc +++ b/libqpdf/QPDFObjectHandle.cc @@ -1076,8 +1076,7 @@ QPDFObjectHandle::parseInternal(PointerHolder input, throw QPDFExc( qpdf_e_damaged_pdf, input->getName(), object_description, offset, - std::string("dictionary key not name (") + - key_obj.unparse() + ")"); + std::string("dictionary key is not not a name token")); } dict[key_obj.getName()] = val; } -- cgit v1.2.3-54-g00ecf