From ed43691bf3e1da1cefb7a4618cb809684040dd65 Mon Sep 17 00:00:00 2001
From: m-holger <m-holger@kubitscheck.org>
Date: Wed, 17 Jan 2024 13:15:13 +0000
Subject: Tighten checks for invalid indirect references in QPDFParser

---
 libqpdf/QPDFParser.cc | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

(limited to 'libqpdf')

diff --git a/libqpdf/QPDFParser.cc b/libqpdf/QPDFParser.cc
index 32c4f8e9..2551cf93 100644
--- a/libqpdf/QPDFParser.cc
+++ b/libqpdf/QPDFParser.cc
@@ -163,16 +163,15 @@ QPDFParser::parseRemainder(bool content_stream)
                     throw std::logic_error("QPDFParser::parse called without context on an object "
                                            "with indirect references");
                 }
-                auto ref_og = QPDFObjGen(
-                    QIntC::to_int(int_buffer[(int_count - 1) % 2]),
-                    QIntC::to_int(int_buffer[(int_count) % 2]));
-                if (ref_og.isIndirect()) {
+                auto id = QIntC::to_int(int_buffer[(int_count - 1) % 2]);
+                auto gen = QIntC::to_int(int_buffer[(int_count) % 2]);
+                if (!(id < 1 || gen < 0 || gen >= 65535)) {
                     // This action has the desirable side effect of causing dangling references
                     // (references to indirect objects that don't appear in the PDF) in any parsed
                     // object to appear in the object cache.
-                    add(std::move(context->getObject(ref_og).obj));
+                    add(std::move(context->getObject(id, gen).obj));
                 } else {
-                    QTC::TC("qpdf", "QPDFParser indirect with 0 objid");
+                    QTC::TC("qpdf", "QPDFParser invalid objgen");
                     addNull();
                 }
                 int_count = 0;
-- 
cgit v1.2.3-54-g00ecf