Commit 1b6a504d424d3a153b97e8da12492eb597635671
1 parent
529501aa
Add sanity check for xref stream /Size entry
Showing
1 changed file
with
3 additions
and
0 deletions
libqpdf/QPDF.cc
| @@ -1295,6 +1295,9 @@ QPDF::Xref_table::process_stream(qpdf_offset_t xref_offset, QPDFObjectHandle& xr | @@ -1295,6 +1295,9 @@ QPDF::Xref_table::process_stream(qpdf_offset_t xref_offset, QPDFObjectHandle& xr | ||
| 1295 | 1295 | ||
| 1296 | if (!trailer_) { | 1296 | if (!trailer_) { |
| 1297 | trailer_ = dict; | 1297 | trailer_ = dict; |
| 1298 | + if (size > toS(max_id_)) { | ||
| 1299 | + throw damaged("Cross-reference stream /Size entry is impossibly large"); | ||
| 1300 | + } | ||
| 1298 | table.resize(size); | 1301 | table.resize(size); |
| 1299 | } | 1302 | } |
| 1300 | 1303 |