OpenSystemsDevelopment / qpdf

Commit 78db34d25f559b0a5c9e7d33ab7732ad69d71afd

Authored by m-holger
1 parent ca80db6f

Add check for shared appearance stream in QPDFFormFieldObjectHelper::generateTextAppearance 

Ensure an appearance stream is not shared  before generating text appearances, improving error handling and data integrity.
Inline Side-by-side
Showing 4 changed files with 8 additions and 2 deletions
fuzz/CMakeLists.txt
  View file @78db34d
@@ -158,6 +158,7 @@ set(CORPUS_OTHER @@ -158,6 +158,7 @@ set(CORPUS_OTHER
158 398060137.fuzz 158 398060137.fuzz
159 409905355.fuzz 159 409905355.fuzz
160 411312393.fuzz 160 411312393.fuzz
  161 + 433311400.fuzz
161 5109284021272576.fuzz 162 5109284021272576.fuzz
162 ) 163 )
163 164
fuzz/qpdf_extra/433311400.fuzz 0 → 100644
View file @78db34d
No preview for this file type
fuzz/qtest/fuzz.test
  View file @78db34d
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz'); @@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
11 11
12 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS"; 12 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
13 13
14 -my $n_qpdf_files = 96; # increment when adding new files 14 +my $n_qpdf_files = 97; # increment when adding new files
15 15
16 my @fuzzers = ( 16 my @fuzzers = (
17 ['ascii85' => 1], 17 ['ascii85' => 1],
libqpdf/QPDFFormFieldObjectHelper.cc
  View file @78db34d
@@ -773,6 +773,12 @@ QPDFFormFieldObjectHelper::generateTextAppearance(QPDFAnnotationObjectHelper& ao @@ -773,6 +773,12 @@ QPDFFormFieldObjectHelper::generateTextAppearance(QPDFAnnotationObjectHelper& ao
773 aoh.getObjectHandle().warnIfPossible("unable to get normal appearance stream for update"); 773 aoh.getObjectHandle().warnIfPossible("unable to get normal appearance stream for update");
774 return; 774 return;
775 } 775 }
  776 +
  777 + if (AS.getObj().use_count() > 4) {
  778 + aoh.getObjectHandle().warnIfPossible(
  779 + "unable to generate text appearance from shared appearance stream for update");
  780 + return;
  781 + }
776 QPDFObjectHandle bbox_obj = AS.getDict().getKey("/BBox"); 782 QPDFObjectHandle bbox_obj = AS.getDict().getKey("/BBox");
777 if (!bbox_obj.isRectangle()) { 783 if (!bbox_obj.isRectangle()) {
778 aoh.getObjectHandle().warnIfPossible("unable to get appearance stream bounding box"); 784 aoh.getObjectHandle().warnIfPossible("unable to get appearance stream bounding box");
@@ -831,7 +837,6 @@ QPDFFormFieldObjectHelper::generateTextAppearance(QPDFAnnotationObjectHelper& ao @@ -831,7 +837,6 @@ QPDFFormFieldObjectHelper::generateTextAppearance(QPDFAnnotationObjectHelper& ao
831 for (size_t i = 0; i < opt.size(); ++i) { 837 for (size_t i = 0; i < opt.size(); ++i) {
832 opt.at(i) = (*encoder)(opt.at(i), '?'); 838 opt.at(i) = (*encoder)(opt.at(i), '?');
833 } 839 }
834 -  
835 AS.addTokenFilter( 840 AS.addTokenFilter(
836 std::shared_ptr<QPDFObjectHandle::TokenFilter>(new ValueSetter(DA, V, opt, tf, bbox))); 841 std::shared_ptr<QPDFObjectHandle::TokenFilter>(new ValueSetter(DA, V, opt, tf, bbox)));
837 } 842 }