From 9fcf61b2f6e9f6670c5ef7103242b4640712dd4f Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt
Date: Wed, 10 Feb 2021 16:26:32 -0500
Subject: Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507)
---
 libqpdf/QPDFOutlineDocumentHelper.cc | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'libqpdf')
diff --git a/libqpdf/QPDFOutlineDocumentHelper.cc b/libqpdf/QPDFOutlineDocumentHelper.cc
index 85aff76b..b5b82a29 100644
--- a/libqpdf/QPDFOutlineDocumentHelper.cc
+++ b/libqpdf/QPDFOutlineDocumentHelper.cc
@@ -24,8 +24,15 @@ QPDFOutlineDocumentHelper::QPDFOutlineDocumentHelper(QPDF& qpdf) :
 return;
 }
 QPDFObjectHandle cur = outlines.getKey("/First");
+ std::set seen;
 while (! cur.isNull())
 {
+ auto og = cur.getObjGen();
+ if (seen.count(og))
+ {
+ break;
+ }
+ seen.insert(og);
 this->m->outlines.push_back(
 QPDFOutlineObjectHelper::Accessor::create(cur, *this, 1));
 cur = cur.getKey("/Next");
-- cgit v1.2.3-54-g00ecf
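Review bot: The new guard keys on `cur.getObjGen()` without checking that `cur` is an indirect object; if, as I understand the API, a direct object reports 0/0, a damaged file whose top-level outline items are direct dictionaries would have every item after the first treated as already seen and silently dropped. Restricting the test to indirect objects still bounds the loop, since any real cycle has to pass through an indirect reference: `if (cur.isIndirect() && ! seen.insert(og).second) { break; }`, which also folds the separate `count`/`insert` pair into a single lookup. The `break` is silent, so a short comment such as `// /Next chain revisits an object: damaged or hostile file, stop walking` would tell the next reader why the outline list may come out truncated. The constructor begins and ends outside the hunk, so whether child outline levels get the same protection cannot be judged from here.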