Merge pull request #1288 from m-holger/fuzz

In QPDFParser add a limit on total number of errors in one object

Merge pull request #1288 from m-holger/fuzz
In QPDFParser add a limit on total number of errors in one object
m-holger · GitHub
2 parents ff2a78f5 06a2d955
Showing 2 changed files with 11 additions and 8 deletions
libqpdf/QPDFParser.cc
libqpdf/qpdf/QPDFParser.hh
@@ -469,13 +469,14 @@ QPDFParser::fixMissingKeys()
 bool
 QPDFParser::tooManyBadTokens()
 {
-    if (good_count <= 4) {
-        if (++bad_count > 5) {
-            warn("too many errors; giving up on reading object");
-            return true;
-        }
-    } else {
+    if (--max_bad_count > 0 && good_count > 4) {
+        good_count = 0;
         bad_count = 1;
+        return false;
+    }
+    if (++bad_count > 5) {
+        warn("too many errors; giving up on reading object");
+        return true;
     }
     good_count = 0;
     return false;
@@ -83,9 +83,11 @@ class QPDFParser
     std::vector<StackFrame> stack;
     StackFrame* frame;
     // Number of recent bad tokens.
-    int bad_count = 0;
+    int bad_count{0};
+    // Number of bad tokens (remaining) before giving up.
+    int max_bad_count{15};
     // Number of good tokens since last bad token. Irrelevant if bad_count == 0.
-    int good_count = 0;
+    int good_count{0};
     // Start offset including any leading whitespace.
     qpdf_offset_t start;
     // Number of successive integer tokens.