OpenSystemsDevelopment / qpdf

Commit 3e74916c5a658d310c37b7dd73b0305c0d1e8ff9

Authored by Jay Berkenbilt
1 parent f78ea057

Fix seg fault on empty xref stream (fixes #263) 

Thanks to @p-cher for supplying a patch.
Inline Side-by-side
Showing 4 changed files with 49 additions and 1 deletions
libqpdf/QPDF.cc
  View file @3e74916
@@ -1228,7 +1228,11 @@ QPDF::getObjectCount() @@ -1228,7 +1228,11 @@ QPDF::getObjectCount()
1228 { 1228 {
1229 o1 = (*(this->m->obj_cache.rbegin())).first; 1229 o1 = (*(this->m->obj_cache.rbegin())).first;
1230 } 1230 }
1231 - QPDFObjGen o2 = (*(this->m->xref_table.rbegin())).first; 1231 + QPDFObjGen o2(0, 0);
  1232 + if (! this->m->xref_table.empty())
  1233 + {
  1234 + o2 = (*(this->m->xref_table.rbegin())).first;
  1235 + }
1232 QTC::TC("qpdf", "QPDF indirect last obj from xref", 1236 QTC::TC("qpdf", "QPDF indirect last obj from xref",
1233 (o2.getObj() > o1.getObj()) ? 1 : 0); 1237 (o2.getObj() > o1.getObj()) ? 1 : 0);
1234 return std::max(o1.getObj(), o2.getObj()); 1238 return std::max(o1.getObj(), o2.getObj());
qpdf/qtest/qpdf.test
  View file @3e74916
@@ -450,6 +450,7 @@ my @bug_tests = ( @@ -450,6 +450,7 @@ my @bug_tests = (
450 ["149", "xref prev pointer loop", 3], 450 ["149", "xref prev pointer loop", 3],
451 ["150", "integer overflow", 2], 451 ["150", "integer overflow", 2],
452 ["202", "even more deeply nested dictionary", 2], 452 ["202", "even more deeply nested dictionary", 2],
  453 + ["263", "empty xref stream", 3],
453 ); 454 );
454 $n_tests += scalar(@bug_tests); 455 $n_tests += scalar(@bug_tests);
455 foreach my $d (@bug_tests) 456 foreach my $d (@bug_tests)
qpdf/qtest/qpdf/issue-263.out 0 → 100644
  View file @3e74916
  1 +WARNING: issue-263.pdf: can't find PDF header
  2 +WARNING: issue-263.pdf: file is damaged
  3 +WARNING: issue-263.pdf: can't find startxref
  4 +WARNING: issue-263.pdf: Attempting to reconstruct cross-reference table
  5 +WARNING: issue-263.pdf (trailer, offset 66): unknown token while reading object; treating as string
  6 +WARNING: issue-263.pdf (trailer, offset 75): unknown token while reading object; treating as string
  7 +WARNING: issue-263.pdf (trailer, offset 79): unknown token while reading object; treating as string
  8 +WARNING: issue-263.pdf (trailer, offset 82): unexpected )
  9 +WARNING: issue-263.pdf (trailer, offset 83): unknown token while reading object; treating as string
  10 +WARNING: issue-263.pdf (trailer, offset 87): unexpected >
  11 +WARNING: issue-263.pdf (trailer, offset 89): unexpected dictionary close token
  12 +WARNING: issue-263.pdf (trailer, offset 92): unexpected >
  13 +WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake1
  14 +WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake2
  15 +WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake3
  16 +WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake4
  17 +WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake5
  18 +WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake6
  19 +WARNING: issue-263.pdf (trailer, offset 40): expected dictionary key but found non-name object; inserting key /QPDFFake7
  20 +WARNING: issue-263.pdf (trailer, offset 98): unknown token while reading object; treating as string
  21 +WARNING: issue-263.pdf (trailer, offset 103): unexpected )
  22 +WARNING: issue-263.pdf (trailer, offset 107): unknown token while reading object; treating as string
  23 +WARNING: issue-263.pdf (trailer, offset 119): expected dictionary key but found non-name object; inserting key /QPDFFake1
  24 +WARNING: issue-263.pdf (trailer, offset 163): unknown token while reading object; treating as string
  25 +WARNING: issue-263.pdf (trailer, offset 173): unknown token while reading object; treating as string
  26 +WARNING: issue-263.pdf (trailer, offset 113): expected dictionary key but found non-name object; inserting key /QPDFFake1
  27 +WARNING: issue-263.pdf (trailer, offset 113): expected dictionary key but found non-name object; inserting key /QPDFFake2
  28 +WARNING: issue-263.pdf (trailer, offset 113): dictionary ended prematurely; using null as value for last key
  29 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake1
  30 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake2
  31 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake3
  32 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake4
  33 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake5
  34 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake6
  35 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake7
  36 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake8
  37 +WARNING: issue-263.pdf (trailer, offset 18): expected dictionary key but found non-name object; inserting key /QPDFFake9
  38 +qpdf: operation succeeded with warnings; resulting file may have some problems
qpdf/qtest/qpdf/issue-263.pdf 0 → 100644
  View file @3e74916
  1 +%PDFn
  2 +trailer
  3 +<</S10/Prev 5137/Root <<5 0 R/In-2476-247682085 0 R82085 0 Rfo R/I)D[<>>7>>8>]>>
  4 +sbj 5) 0 obj <</Des<</4/Prtor 12>>/Filter/Flatode/ID[<07>]/Inf 0 R/Len50/R R/Size >>-247682085 -247682085 >>-247682085 0 R-247682085 -247682085 0 R26/Type/XRef/W[1 2 9]>>stream
  5 +h
0 \ No newline at end of file 6 \ No newline at end of file