Commit 1b6a504d424d3a153b97e8da12492eb597635671
1 parent
529501aa
Add sanity check for xref stream /Size entry
Showing
1 changed file
with
3 additions
and
0 deletions
libqpdf/QPDF.cc
| ... | ... | @@ -1295,6 +1295,9 @@ QPDF::Xref_table::process_stream(qpdf_offset_t xref_offset, QPDFObjectHandle& xr |
| 1295 | 1295 | |
| 1296 | 1296 | if (!trailer_) { |
| 1297 | 1297 | trailer_ = dict; |
| 1298 | + if (size > toS(max_id_)) { | |
| 1299 | + throw damaged("Cross-reference stream /Size entry is impossibly large"); | |
| 1300 | + } | |
| 1298 | 1301 | table.resize(size); |
| 1299 | 1302 | } |
| 1300 | 1303 | ... | ... |