OpenSystemsDevelopment / qpdf

Commit 3490090fbc7266dfcf7c80c6766d4d557b314292

Authored by Jay Berkenbilt
1 parent 7ae095fa

Detect JSON object whose value is an indirect object

Inline Side-by-side
Showing 6 changed files with 77 additions and 1 deletions
fuzz/json_fuzzer_seed_corpus/7865f715436bd6c3cdb6b073fcb44b297cb98097 0 โ†’ 100644
  View file @3490090
  1 +{"qpdf":[{},{"obj:1 0 R":{"value":"2 0 R"
0 2 \ No newline at end of file
... ...
fuzz/qtest/fuzz.test
  View file @3490090
... ... @@ -16,7 +16,7 @@ my @fuzzers = (
16 16 ['dct' => 1],
17 17 ['flate' => 1],
18 18 ['hex' => 1],
19   - ['json' => 38],
  19 + ['json' => 39],
20 20 ['lzw' => 2],
21 21 ['pngpredictor' => 1],
22 22 ['runlength' => 6],
... ...
libqpdf/QPDF_json.cc
  View file @3490090
... ... @@ -441,6 +441,10 @@ QPDF::JSONReactor::containerEnd(JSON const& value)
441 441 void
442 442 QPDF::JSONReactor::replaceObject(QPDFObjectHandle&& replacement, JSON const& value)
443 443 {
  444 + if (replacement.isIndirect()) {
  445 + error(replacement.getParsedOffset(), "the value of an object may not be an indirect object reference");
  446 + return;
  447 + }
444 448 auto& tos = stack.back();
445 449 auto og = tos.object.getObjGen();
446 450 this->pdf.replaceObject(og, replacement);
... ...
qpdf/qtest/qpdf-json.test
  View file @3490090
... ... @@ -28,6 +28,7 @@ my @badfiles = (
28 28 'objects-not-dict',
29 29 'bad-object-key',
30 30 'object-not-dict',
  31 + 'object-value-indirect',
31 32 'stream-not-dict',
32 33 'stream-dict-not-dict',
33 34 'trailer-not-dict',
... ...
qpdf/qtest/qpdf/qjson-object-value-indirect.json 0 โ†’ 100644
  View file @3490090
  1 +{
  2 + "qpdf": [
  3 + {
  4 + "jsonversion": 2,
  5 + "pdfversion": "1.3",
  6 + "maxobjectid": 6
  7 + },
  8 + {
  9 + "obj:1 0 R": {
  10 + "value": "2 0 R"
  11 + },
  12 + "obj:2 0 R": {
  13 + "value": {
  14 + "/Count": 1,
  15 + "/Kids": [
  16 + "3 0 R"
  17 + ],
  18 + "/Type": "/Pages"
  19 + }
  20 + },
  21 + "obj:3 0 R": {
  22 + "value": {
  23 + "/Contents": "4 0 R",
  24 + "/MediaBox": [
  25 + 0,
  26 + 0,
  27 + 612,
  28 + 792
  29 + ],
  30 + "/Parent": "2 0 R",
  31 + "/Resources": {
  32 + "/Font": {
  33 + "/F1": "6 0 R"
  34 + },
  35 + "/ProcSet": "5 0 R"
  36 + },
  37 + "/Type": "/Page"
  38 + }
  39 + },
  40 + "obj:4 0 R": {
  41 + "stream": {
  42 + "data": "QlQKICAvRjEgMjQgVGYKICA3MiA3MjAgVGQKICAoUG90YXRvKSBUagpFVAo=",
  43 + "dict": {}
  44 + }
  45 + },
  46 + "obj:5 0 R": {
  47 + "value": [
  48 + "/PDF",
  49 + "/Text"
  50 + ]
  51 + },
  52 + "obj:6 0 R": {
  53 + "value": {
  54 + "/BaseFont": "/Helvetica",
  55 + "/Encoding": "/WinAnsiEncoding",
  56 + "/Subtype": "/Type1",
  57 + "/Type": "/Font"
  58 + }
  59 + },
  60 + "trailer": {
  61 + "value": {
  62 + "/Root": "1 0 R",
  63 + "/Size": 7
  64 + }
  65 + }
  66 + }
  67 + ]
  68 +}
... ...
qpdf/qtest/qpdf/qjson-object-value-indirect.out 0 โ†’ 100644
  View file @3490090
  1 +WARNING: qjson-object-value-indirect.json (obj:1 0 R): the value of an object may not be an indirect object reference
  2 +qpdf: qjson-object-value-indirect.json: errors found in JSON
... ...