1477213 - Detect recursions loop resolving objects

2017-08-03 08:49:56 +02:00 · 2017-08-03 08:49:56 +02:00 · 55d486b1d5
commit 55d486b1d5
parent a3d0a69ad2
2 changed files with 67 additions and 1 deletions
--- a/qpdf-6.0.0-detect-recursions.patch
+++ b/qpdf-6.0.0-detect-recursions.patch
@ -0,0 +1,61 @@
+diff -up qpdf-6.0.0/include/qpdf/QPDF.hh.detect-recursions qpdf-6.0.0/include/qpdf/QPDF.hh
+--- qpdf-6.0.0/include/qpdf/QPDF.hh.detect-recursions	2015-11-10 18:48:52.000000000 +0100
+++ qpdf-6.0.0/include/qpdf/QPDF.hh	2017-08-02 08:41:17.500831407 +0200
+@@ -603,6 +603,25 @@ class QPDF
+         int gen;
+     };
+ 
+    class ResolveRecorder
+    {
+      public:
+        ResolveRecorder(QPDF* qpdf, QPDFObjGen const& og) :
+            qpdf(qpdf),
+            og(og)
+        {
+            qpdf->resolving.insert(og);
+        }
+        virtual ~ResolveRecorder()
+        {
+            this->qpdf->resolving.erase(og);
+        }
+      private:
+        QPDF* qpdf;
+        QPDFObjGen og;
+    };
+    friend class ResolveRecorder;
+
+     void parse(char const* password);
+     void warn(QPDFExc const& e);
+     void setTrailer(QPDFObjectHandle obj);
+@@ -1065,6 +1084,7 @@ class QPDF
+     std::map<QPDFObjGen, QPDFXRefEntry> xref_table;
+     std::set<int> deleted_objects;
+     std::map<QPDFObjGen, ObjCache> obj_cache;
+    std::set<QPDFObjGen> resolving;
+     QPDFObjectHandle trailer;
+     std::vector<QPDFObjectHandle> all_pages;
+     std::map<QPDFObjGen, int> pageobj_to_pages_pos;
+diff -up qpdf-6.0.0/libqpdf/QPDF.cc.detect-recursions qpdf-6.0.0/libqpdf/QPDF.cc
+--- qpdf-6.0.0/libqpdf/QPDF.cc.detect-recursions	2015-11-10 18:48:52.000000000 +0100
+++ qpdf-6.0.0/libqpdf/QPDF.cc	2017-08-02 08:42:19.070393817 +0200
+@@ -1453,6 +1453,20 @@ QPDF::resolve(int objid, int generation)
+     // to insert things into the object cache that don't actually
+     // exist in the file.
+     QPDFObjGen og(objid, generation);
+    if (this->resolving.count(og))
+    {
+        // This can happen if an object references itself directly or
+        // indirectly in some key that has to be resolved during
+        // object parsing, such as stream length.
+       warn(QPDFExc(qpdf_e_damaged_pdf, this->file->getName(),
+		        "", this->file->getLastOffset(),
+		        "loop detected resolving object " +
+		        QUtil::int_to_string(objid) + " " +
+		        QUtil::int_to_string(generation)));
+        return new QPDF_Null;
+    }
+    ResolveRecorder rr(this, og);
+
+     if (! this->obj_cache.count(og))
+     {
+ 	if (! this->xref_table.count(og))
--- a/qpdf.spec
+++ b/qpdf.spec
@ -1,13 +1,14 @@
 Summary: Command-line tools and library for transforming PDF files
 Name:    qpdf
 Version: 6.0.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 # MIT: e.g. libqpdf/sha2.c
 License: Artistic 2.0 and MIT
 URL:     http://qpdf.sourceforge.net/
 Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version}.tar.gz

 Patch0:  qpdf-doc.patch
+Patch1:  qpdf-6.0.0-detect-recursions.patch

 BuildRequires: zlib-devel
 BuildRequires: pcre-devel
@ -63,6 +64,7 @@ QPDF Manual

 # fix 'complete manual location' note in man pages
 %patch0 -p1 -b .doc
+%patch1 -p1 -b .detect-recursions

 sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf

@ -108,6 +110,9 @@ make check


 %changelog
+* Thu Aug 03 2017 Zdenek Dohnal <zdohnal@redhat.com> - 6.0.0-4
+- 1477213 - Detect recursions loop resolving objects
+
 * Wed Aug 03 2016 Jiri Popelka <jpopelka@redhat.com> - 6.0.0-3
 - %%{_defaultdocdir}/qpdf/ -> %%{_pkgdocdir}