Avoid cycles in PDF parsing

Resolves: #1626620
Marek Kasik 2018-11-12 17:42:16 +01:00
parent 15a95ed4c7
commit 9bf292ca2a
2 changed files with 73 additions and 1 deletions

@ -0,0 +1,65 @@
From 3d35d209c19c1d3b09b794a0c863ba5de44a9c0a Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Mon, 29 Oct 2018 17:44:47 +0100
Subject: [PATCH] Avoid cycles in PDF parsing
Mark objects being processed in Parser::makeStream() as being processed
and check the mark when entering this method to avoid processing
of the same object recursively.
---
poppler/Parser.cc | 15 +++++++++++++++
poppler/XRef.h | 1 +
2 files changed, 16 insertions(+)
diff --git a/poppler/Parser.cc b/poppler/Parser.cc
index bd4845ab..8f48efbe 100644
--- a/poppler/Parser.cc
+++ b/poppler/Parser.cc
@@ -197,6 +197,18 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,
Stream *str;
Goffset length;
Goffset pos, endPos;
+ XRefEntry *entry = nullptr;
+
+ if (xref && (entry = xref->getEntry(objNum, false))) {
+ if (!entry->getFlag(XRefEntry::Parsing) ||
+ (objNum == 0 && objGen == 0)) {
+ entry->setFlag(XRefEntry::Parsing, true);
+ } else {
+ error(errSyntaxError, getPos(),
+ "Object '{0:d} {1:d} obj' is being already parsed", objNum, objGen);
+ return nullptr;
+ }
+ }
// get stream start position
lexer->skipToNextLine();
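Review bot: the `(objNum == 0 && objGen == 0)` exemption in the new guard has no comment explaining it, and for that object number the check never fires, so a cycle that runs through 0 0 is not detected here. A one-line comment stating why 0 0 is exempt, and what bounds the recursion in that case, would make the intent reviewable. The error text would also read better as "is already being parsed".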
@@ -278,6 +290,9 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,
// get filters
str = str->addFilters(str->getDict(), recursion);
+ if (entry)
+ entry->setFlag(XRefEntry::Parsing, false);
+
return str;
}
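Review bot: the `Parsing` flag is cleared only here, directly before the final `return str;`, while the hunk headers show that it is set around line 197 and reset around line 290 of makeStream(). If any code between those two points returns early, the entry keeps the flag and every later attempt to parse that object fails with the "being already parsed" error. Clearing the flag from a small scope guard, or on each exit path, would make the reset unconditional.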
diff --git a/poppler/XRef.h b/poppler/XRef.h
index 11ee5e03..2eb2f9fd 100644
--- a/poppler/XRef.h
+++ b/poppler/XRef.h
@@ -68,7 +68,10 @@ struct XRefEntry {
// Special flags -- available only after xref->scanSpecialFlags() is run
Unencrypted, // Entry is stored in unencrypted form (meaningless in unencrypted documents)
- DontRewrite // Entry must not be written back in case of full rewrite
+ DontRewrite, // Entry must not be written back in case of full rewrite
+
+ // Regular flag (moved here to preserve values of previous flags)
+ Parsing // Entry is currently being parsed
};
inline GBool getFlag(Flag flag) const {
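Review bot: the comment on `Parsing` says "moved here", but this hunk adds the enumerator rather than moving it; wording such as "appended last so the values of the existing flags do not change" would be accurate. The new flag also sits under the "Special flags -- available only after xref->scanSpecialFlags() is run" heading, so the "Regular flag" comment is the only thing separating it from that group and is worth keeping prominent. The patch header's diffstat lists `poppler/XRef.h | 1 +`, while this hunk removes one line and adds four, so the header looks stale and the patch should be regenerated.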
--
2.19.1

@ -4,7 +4,7 @@
Summary: PDF rendering library Summary: PDF rendering library
Name: poppler Name: poppler
Version: 0.67.0 Version: 0.67.0
Release: 2%{?dist} Release: 3%{?dist}
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/ URL: http://poppler.freedesktop.org/
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -25,6 +25,9 @@ Patch7: poppler-0.67.0-qt4-const.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1569334 # https://bugzilla.redhat.com/show_bug.cgi?id=1569334
Patch8: poppler-0.67.0-embedded-file-check.patch Patch8: poppler-0.67.0-embedded-file-check.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1626618
Patch9: poppler-0.67.0-cycles-in-pdf-parsing.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gettext-devel BuildRequires: gettext-devel
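Review bot: the Bugzilla URL in the comment above `Patch9` points at id=1626618, while the commit message and the %changelog entry say "Resolves: #1626620". If one is the tracking bug and the other the release-specific bug, say so in the comment; otherwise align the two numbers. No hunk in this commit touches %prep, so please confirm the spec applies patches automatically; if it does not, `Patch9` is declared but never applied.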
@ -255,6 +258,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Mon Nov 12 2018 Marek Kasik <mkasik@redhat.com> - 0.67.0-3
- Avoid cycles in PDF parsing
- Resolves: #1626620
* Wed Oct 17 2018 Marek Kasik <mkasik@redhat.com> - 0.67.0-2 * Wed Oct 17 2018 Marek Kasik <mkasik@redhat.com> - 0.67.0-2
- Fix crash on missing embedded file - Fix crash on missing embedded file
- Resolves: #1569334 - Resolves: #1569334