Commit 6971f78ff6fb87a7e6da6ee57e8e28ded4fe1a26
1 parent ffe6af6f
Fix stack overflow on direct root (fuzz issue 26761)
Showing 3 changed files with 6 additions and 1 deletions
ChangeLog
| 1 | 1 | 2020-10-31 Jay Berkenbilt <ejb@ql.org> |
| 2 | 2 | |
| 3 | + * Don't enter extension initialization in QPDFWriter on a direct | |
| 4 | + object. Fixes stack overflow in pathological case of /Root being a | |
| 5 | + direct object (fuzz issue 26761). | |
| 6 | + | |
| 3 | 7 | * My previous fix to #449 (handling foreign streams with indirect |
| 4 | 8 | objects in /Filter and/or /DecodeParms) was incorrect and caused |
| 5 | 9 | other problems. There is a now a correct fix to the original | ... | ... |
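Review bot: the new entry at the top of this ChangeLog hunk says "on a direct object" but does not say how QPDFWriter recognises one. The accompanying code change tests `old_og.getObj() != 0`, so wording such as "a direct object (object number 0)" would tie the entry to the check it describes and make it easier to find later.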
fuzz/qpdf_extra/26761.fuzz
0 → 100644
No preview for this file type
libqpdf/QPDFWriter.cc
| ... | ... | @@ -1537,7 +1537,8 @@ QPDFWriter::unparseObject(QPDFObjectHandle object, int level, |
| 1537 | 1537 | bool have_extensions_adbe = false; |
| 1538 | 1538 | |
| 1539 | 1539 | QPDFObjectHandle extensions; |
| 1540 | - if (old_og == this->m->pdf.getRoot().getObjGen()) | |
| 1540 | + if ((old_og.getObj() != 0) && | |
| 1541 | + (old_og == this->m->pdf.getRoot().getObjGen())) | |
| 1541 | 1542 | { |
| 1542 | 1543 | is_root = true; |
| 1543 | 1544 | if (object.hasKey("/Extensions") && | ... | ... |
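Review bot: the added `(old_og.getObj() != 0)` test in the `if` at line 1540 carries no comment, and the reason for it is only visible in the ChangeLog. A short comment above the condition should say that an object number of 0 denotes a direct object, and that comparing it against `getRoot().getObjGen()` is what let this block be entered on direct objects when /Root itself is direct. Note also that with this guard `is_root` stays false for a direct /Root, so the `/Extensions` handling that follows is skipped for such a file; if that is intended, say so in the same comment. The fuzz input is added under fuzz/qpdf_extra, but no regular test case exercising a direct /Root through QPDFWriter is visible in this commit.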