Commit 9fcf61b2f6e9f6670c5ef7103242b4640712dd4f
1 parent
4d1f2fdc
Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507)
Showing
3 changed files
with
10 additions
and
0 deletions
ChangeLog
| 1 | 1 | 2021-02-10 Jay Berkenbilt <ejb@ql.org> |
| 2 | 2 | |
| 3 | + * Detect loops when adding when reading outlines dictionary upon | |
| 4 | + initialization of QPDFOutlineDocumentHelper (fuzz issue 30507). | |
| 5 | + | |
| 3 | 6 | * Add "attachments" as an additional json key, and add some |
| 4 | 7 | information about attachments to the json output. |
| 5 | 8 | ... | ... |
fuzz/qpdf_extra/30507.fuzz
0 → 100644
No preview for this file type
libqpdf/QPDFOutlineDocumentHelper.cc
| ... | ... | @@ -24,8 +24,15 @@ QPDFOutlineDocumentHelper::QPDFOutlineDocumentHelper(QPDF& qpdf) : |
| 24 | 24 | return; |
| 25 | 25 | } |
| 26 | 26 | QPDFObjectHandle cur = outlines.getKey("/First"); |
| 27 | + std::set<QPDFObjGen> seen; | |
| 27 | 28 | while (! cur.isNull()) |
| 28 | 29 | { |
| 30 | + auto og = cur.getObjGen(); | |
| 31 | + if (seen.count(og)) | |
| 32 | + { | |
| 33 | + break; | |
| 34 | + } | |
| 35 | + seen.insert(og); | |
| 29 | 36 | this->m->outlines.push_back( |
| 30 | 37 | QPDFOutlineObjectHelper::Accessor::create(cur, *this, 1)); |
| 31 | 38 | cur = cur.getKey("/Next"); | ... | ... |