From 3d35d209c19c1d3b09b794a0c863ba5de44a9c0a Mon Sep 17 00:00:00 2001 From: Marek Kasik Date: Mon, 29 Oct 2018 17:44:47 +0100 Subject: [PATCH] Avoid cycles in PDF parsing Mark objects being processed in Parser::makeStream() as being processed and check the mark when entering this method to avoid processing of the same object recursively. --- poppler/Parser.cc | 15 +++++++++++++++ poppler/XRef.h | 1 + 2 files changed, 16 insertions(+) diff --git a/poppler/Parser.cc b/poppler/Parser.cc index bd4845ab..8f48efbe 100644 --- a/poppler/Parser.cc +++ b/poppler/Parser.cc @@ -197,6 +197,18 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey, Stream *str; Goffset length; Goffset pos, endPos; + XRefEntry *entry = nullptr; + + if (xref && (entry = xref->getEntry(objNum, false))) { + if (!entry->getFlag(XRefEntry::Parsing) || + (objNum == 0 && objGen == 0)) { + entry->setFlag(XRefEntry::Parsing, true); + } else { + error(errSyntaxError, getPos(), + "Object '{0:d} {1:d} obj' is being already parsed", objNum, objGen); + return nullptr; + } + } // get stream start position lexer->skipToNextLine(); @@ -278,6 +290,9 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey, // get filters str = str->addFilters(str->getDict(), recursion); + if (entry) + entry->setFlag(XRefEntry::Parsing, false); + return str; } diff --git a/poppler/XRef.h b/poppler/XRef.h index 11ee5e03..2eb2f9fd 100644 --- a/poppler/XRef.h +++ b/poppler/XRef.h @@ -68,7 +68,10 @@ struct XRefEntry { // Special flags -- available only after xref->scanSpecialFlags() is run Unencrypted, // Entry is stored in unencrypted form (meaningless in unencrypted documents) - DontRewrite // Entry must not be written back in case of full rewrite + DontRewrite, // Entry must not be written back in case of full rewrite + + // Regular flag (moved here to preserve values of previous flags) + Parsing // Entry is currently being parsed }; inline GBool getFlag(Flag flag) const { -- 2.19.1