Commit bdeb1036e3109c51121506c3fa0f3773e26e5b16
1 parent
059d9a9b
Improve null key/value handling in `NNTree`, add checks across insert operations
Fixes bug in #1523
Showing
1 changed file
with
9 additions
and
5 deletions
libqpdf/NNTree.cc
| @@ -106,7 +106,7 @@ NNTreeIterator::getNextKid(PathElement& pe, bool backward) | @@ -106,7 +106,7 @@ NNTreeIterator::getNextKid(PathElement& pe, bool backward) | ||
| 106 | bool | 106 | bool |
| 107 | NNTreeIterator::valid() const | 107 | NNTreeIterator::valid() const |
| 108 | { | 108 | { |
| 109 | - return item_number >= 0; | 109 | + return item_number >= 0 && ivalue.first && ivalue.second; |
| 110 | } | 110 | } |
| 111 | 111 | ||
| 112 | void | 112 | void |
| @@ -381,6 +381,9 @@ NNTreeIterator::insertAfter(QPDFObjectHandle const& key, QPDFObjectHandle const& | @@ -381,6 +381,9 @@ NNTreeIterator::insertAfter(QPDFObjectHandle const& key, QPDFObjectHandle const& | ||
| 381 | if (std::cmp_less(items.size(), item_number + 2)) { | 381 | if (std::cmp_less(items.size(), item_number + 2)) { |
| 382 | impl.error(node, "insert: items array is too short"); | 382 | impl.error(node, "insert: items array is too short"); |
| 383 | } | 383 | } |
| 384 | + if (!(key && value)) { | ||
| 385 | + impl.error(node, "insert: key or value is null"); | ||
| 386 | + } | ||
| 384 | items.insert(item_number + 2, key); | 387 | items.insert(item_number + 2, key); |
| 385 | items.insert(item_number + 3, value); | 388 | items.insert(item_number + 3, value); |
| 386 | resetLimits(node, lastPathElement()); | 389 | resetLimits(node, lastPathElement()); |
| @@ -737,11 +740,9 @@ NNTreeImpl::repair() | @@ -737,11 +740,9 @@ NNTreeImpl::repair() | ||
| 737 | new_node.replaceKey(details.itemsKey(), Array()); | 740 | new_node.replaceKey(details.itemsKey(), Array()); |
| 738 | NNTreeImpl repl(details, qpdf, new_node, false); | 741 | NNTreeImpl repl(details, qpdf, new_node, false); |
| 739 | for (auto const& [key, value]: *this) { | 742 | for (auto const& [key, value]: *this) { |
| 740 | -// if (key && value) { | 743 | + if (key && value) { |
| 741 | repl.insert(key, value); | 744 | repl.insert(key, value); |
| 742 | -// } else { | ||
| 743 | -// std::cerr << key.unparse() << "\n"; | ||
| 744 | -// } | 745 | + } |
| 745 | } | 746 | } |
| 746 | oh.replaceKey("/Kids", new_node.getKey("/Kids")); | 747 | oh.replaceKey("/Kids", new_node.getKey("/Kids")); |
| 747 | oh.replaceKey(details.itemsKey(), new_node.getKey(details.itemsKey())); | 748 | oh.replaceKey(details.itemsKey(), new_node.getKey(details.itemsKey())); |
| @@ -824,6 +825,9 @@ NNTreeImpl::insertFirst(QPDFObjectHandle const& key, QPDFObjectHandle const& val | @@ -824,6 +825,9 @@ NNTreeImpl::insertFirst(QPDFObjectHandle const& key, QPDFObjectHandle const& val | ||
| 824 | if (!items) { | 825 | if (!items) { |
| 825 | error(oh, "unable to find a valid items node"); | 826 | error(oh, "unable to find a valid items node"); |
| 826 | } | 827 | } |
| 828 | + if (!(key && value)) { | ||
| 829 | + error(oh, "unable to insert null key or value"); | ||
| 830 | + } | ||
| 827 | items.insert(0, key); | 831 | items.insert(0, key); |
| 828 | items.insert(1, value); | 832 | items.insert(1, value); |
| 829 | iter.setItemNumber(iter.node, 0); | 833 | iter.setItemNumber(iter.node, 0); |