Commit 9fcf61b2f6e9f6670c5ef7103242b4640712dd4f
1 parent
4d1f2fdc
Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507)
Showing
3 changed files
with
10 additions
and
0 deletions
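--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2021-02-10 Jay Berkenbilt <ejb@ql.org>
 
+* Detect loops when adding when reading outlines dictionary upon
+initialization of QPDFOutlineDocumentHelper (fuzz issue 30507).
+
 * Add "attachments" as an additional json key, and add some
 information about attachments to the json output.
 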
fuzz/qpdf_extra/30507.fuzz
0 → 100644
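--- a/libqpdf/QPDFOutlineDocumentHelper.cc
+++ b/libqpdf/QPDFOutlineDocumentHelper.cc
@@ -24,8 +24,15 @@ QPDFOutlineDocumentHelper::QPDFOutlineDocumentHelper(QPDF& qpdf) :
 return;
 }
 QPDFObjectHandle cur = outlines.getKey("/First");
+std::set<QPDFObjGen> seen;
 while (! cur.isNull())
 {
+auto og = cur.getObjGen();
+if (seen.count(og))
+{
+break;
+}
+seen.insert(og);
 this->m->outlines.push_back(
 QPDFOutlineObjectHelper::Accessor::create(cur, *this, 1));
 cur = cur.getKey("/Next");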
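Review bot: The new `seen` guard in the `/First` to `/Next` walk stops silently when an object repeats, so a file with a cyclic outline chain loads with a truncated outline list and nothing records why. A comment above `std::set<QPDFObjGen> seen;` such as `// /Next is read from the file and may point back at an earlier item; stop instead of looping forever` would document the intent, and a warning at the `break` would make such files visible to callers. The membership test and the insert can be a single lookup: `if (! seen.insert(og).second) { break; }`. Only the top-level sibling chain is guarded here; whether the child traversal started by `Accessor::create(cur, *this, 1)` has an equivalent cycle or depth check is not visible in this hunk. The constructor begins before the hunk and the `while` body closes after it.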