Prevent infinite recursion in /AcroForm traversal by checking for self-referencing fields.

m-holger
1 parent 7edafea8
Showing 4 changed files with 6 additions and 1 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/5344352869351424.fuzz
fuzz/qtest/fuzz.test
libqpdf/QPDFAcroFormDocumentHelper.cc
@@ -163,6 +163,7 @@ set(CORPUS_OTHER
   440747125.fuzz
   4720043549327360.fuzz
   5109284021272576.fuzz
+  5344352869351424.fuzz
   5828408539152384.fuzz
   6310410941956096.fuzz
   6322553212960768.fuzz
@@ -11,7 +11,7 @@ my $td = new TestDriver(&#39;fuzz&#39;);
  
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
  
-my $n_qpdf_files = 104;       # increment when adding new files
+my $n_qpdf_files = 105;       # increment when adding new files
  
 my @fuzzers = (
     ['ascii85' => 1],
@@ -328,6 +328,10 @@ QPDFAcroFormDocumentHelper::traverseField(
             "ignoring field or annotation");
         return;
     }
+    if (field == parent) {
+        field.warn("loop detected while traversing /AcroForm");
+        return;
+    }
     if (!field.isDictionary()) {
         field.warn(
             "encountered a non-dictionary as a field or annotation while traversing /AcroForm; "