Commit 0e51a9aca61dfc2cc44bf19a6ba23d423d7f204c
1 parent
bb3ae14f
Don't encrypt trailer, fixes fuzz issue 15983
Ordinarily the trailer doesn't contain any strings, so this is usually a non-issue, but if the trailer contains strings, linearizing and encrypting with object streams would include encrypted strings in the trailer, which would blow out the padding because encrypted strings are longer than their cleartext counterparts.
Showing
2 changed files
with
9 additions
and
2 deletions
fuzz/qpdf_extra/15983.fuzz
0 → 100644
No preview for this file type
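--- a/libqpdf/QPDFWriter.cc
+++ b/libqpdf/QPDFWriter.cc
@@ -1341,7 +1341,11 @@ QPDFWriter::writeTrailer(trailer_e which, int size, bool xref_stream,
 qpdf_offset_t prev, int linearization_pass)
 {
 QPDFObjectHandle trailer = getTrimmedTrailer();
-if (! xref_stream)
+if (xref_stream)
+{
+this->m->cur_data_key.clear();
+}
+else
 {
 writeString("trailer <<");
 }
@@ -3320,7 +3324,10 @@ QPDFWriter::writeLinearized()
 if (this->m->pipeline->getCount() != first_xref_end)
 {
 throw std::logic_error(
-"insufficient padding for first pass xref stream");
+"insufficient padding for first pass xref stream; "
+"first_xref_end=" +
+QUtil::int_to_string(first_xref_end) +
+"; endpos=" + QUtil::int_to_string(endpos));
 }
 }
 writeString("\n");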
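Review bot: The `this->m->cur_data_key.clear();` added in the xref_stream branch of writeTrailer changes the writer's encryption state as a side effect, with no comment explaining why and no restore visible in this hunk. The reason is only in the commit message, so it should sit next to the line, for example `// Strings in the trailer / xref stream dictionary are written unencrypted; drop the per-object key.` As far as the hunk shows, the key stays cleared after writeTrailer returns. It is worth confirming that every later object write re-derives the key before emitting strings or streams, since anything written with an empty key would presumably go out in cleartext. The body of writeTrailer continues outside the hunk, so a reset further down cannot be ruled out from here.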