OpenSystemsDevelopment / qpdf

Commit 78db34d25f559b0a5c9e7d33ab7732ad69d71afd

Authored by m-holger
1 parent ca80db6f

Add check for shared appearance stream in QPDFFormFieldObjectHelper::generateTextAppearance 

Ensure an appearance stream is not shared  before generating text appearances, improving error handling and data integrity.
Inline Side-by-side
Showing 4 changed files with 8 additions and 2 deletions
fuzz/CMakeLists.txt
  View file @78db34d
... ... @@ -158,6 +158,7 @@ set(CORPUS_OTHER
158 158 398060137.fuzz
159 159 409905355.fuzz
160 160 411312393.fuzz
  161 + 433311400.fuzz
161 162 5109284021272576.fuzz
162 163 )
163 164  
... ...
fuzz/qpdf_extra/433311400.fuzz 0 → 100644
View file @78db34d
No preview for this file type
fuzz/qtest/fuzz.test
  View file @78db34d
... ... @@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
11 11  
12 12 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
13 13  
14   -my $n_qpdf_files = 96; # increment when adding new files
  14 +my $n_qpdf_files = 97; # increment when adding new files
15 15  
16 16 my @fuzzers = (
17 17 ['ascii85' => 1],
... ...
libqpdf/QPDFFormFieldObjectHelper.cc
  View file @78db34d
... ... @@ -773,6 +773,12 @@ QPDFFormFieldObjectHelper::generateTextAppearance(QPDFAnnotationObjectHelper& ao
773 773 aoh.getObjectHandle().warnIfPossible("unable to get normal appearance stream for update");
774 774 return;
775 775 }
  776 +
  777 + if (AS.getObj().use_count() > 4) {
  778 + aoh.getObjectHandle().warnIfPossible(
  779 + "unable to generate text appearance from shared appearance stream for update");
  780 + return;
  781 + }
776 782 QPDFObjectHandle bbox_obj = AS.getDict().getKey("/BBox");
777 783 if (!bbox_obj.isRectangle()) {
778 784 aoh.getObjectHandle().warnIfPossible("unable to get appearance stream bounding box");
... ... @@ -831,7 +837,6 @@ QPDFFormFieldObjectHelper::generateTextAppearance(QPDFAnnotationObjectHelper& ao
831 837 for (size_t i = 0; i < opt.size(); ++i) {
832 838 opt.at(i) = (*encoder)(opt.at(i), '?');
833 839 }
834   -
835 840 AS.addTokenFilter(
836 841 std::shared_ptr<QPDFObjectHandle::TokenFilter>(new ValueSetter(DA, V, opt, tf, bbox)));
837 842 }
... ...