From b07ad6794eea175ee7f4b8c505995bdb4f397ce6 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt
Date: Fri, 21 Jun 2019 17:37:33 -0400
Subject: Fix bugs found by fuzz tests
* Several assertions in linearization were not always true; change them to run time errors
* Handle a few cases of uninitialized objects
* Handle pages with no contents when doing form operations
* Handle invalid page tree nodes when traversing pages
---
 libqpdf/QPDFObjectHandle.cc | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'libqpdf/QPDFObjectHandle.cc')
diff --git a/libqpdf/QPDFObjectHandle.cc b/libqpdf/QPDFObjectHandle.cc
index 9ccfa37a..a3147940 100644
--- a/libqpdf/QPDFObjectHandle.cc
+++ b/libqpdf/QPDFObjectHandle.cc
@@ -1407,6 +1407,12 @@ QPDFObjectHandle::coalesceContentStreams()
 QTC::TC("qpdf", "QPDFObjectHandle coalesce called on stream");
 return;
 }
+ else if (! contents.isArray())
+ {
+ // /Contents is optional for pages, and some very damaged
+ // files may have pages that are invalid in other ways.
+ return;
+ }
 QPDF* qpdf = getOwningQPDF();
 if (qpdf == 0)
 {
-- cgit v1.2.3-54-g00ecf
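Review bot: The new `else if (! contents.isArray())` branch returns with no coverage marker, while the sibling branch directly above it records one with `QTC::TC("qpdf", "QPDFObjectHandle coalesce called on stream");`; a matching marker with a label of your choosing, e.g. `QTC::TC("qpdf", "QPDFObjectHandle coalesce non-array contents");`, would let the fuzz-derived regression files prove this path is actually exercised. The branch also handles an absent or null /Contents as well as a wrong-typed one (a dictionary or number in a damaged file), so the comment should state that explicitly, something like `// /Contents may be absent (null) or, in damaged files, some type other than a stream or array; in either case there is nothing to coalesce`. As written, callers doing form operations on such a page proceed without any diagnostic, which looks intended for fuzz hardening but is worth saying in the comment so nobody later mistakes the silent return for an oversight. coalesceContentStreams() begins and ends outside the hunk.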