From 55d486b1d59993fa17d2fddfa4c6442db096c860 Mon Sep 17 00:00:00 2001
From: Zdenek Dohnal <zdohnal@redhat.com>
Date: Thu, 3 Aug 2017 08:49:56 +0200
Subject: [PATCH] 1477213 - Detect recursions loop resolving objects

---
 qpdf-6.0.0-detect-recursions.patch | 61 ++++++++++++++++++++++++++++++
 qpdf.spec                          |  7 +++-
 2 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 qpdf-6.0.0-detect-recursions.patch

diff --git a/qpdf-6.0.0-detect-recursions.patch b/qpdf-6.0.0-detect-recursions.patch
new file mode 100644
index 0000000..ae87d80
--- /dev/null
+++ b/qpdf-6.0.0-detect-recursions.patch
@@ -0,0 +1,61 @@
+diff -up qpdf-6.0.0/include/qpdf/QPDF.hh.detect-recursions qpdf-6.0.0/include/qpdf/QPDF.hh
+--- qpdf-6.0.0/include/qpdf/QPDF.hh.detect-recursions	2015-11-10 18:48:52.000000000 +0100
++++ qpdf-6.0.0/include/qpdf/QPDF.hh	2017-08-02 08:41:17.500831407 +0200
+@@ -603,6 +603,25 @@ class QPDF
+         int gen;
+     };
+ 
++    class ResolveRecorder
++    {
++      public:
++        ResolveRecorder(QPDF* qpdf, QPDFObjGen const& og) :
++            qpdf(qpdf),
++            og(og)
++        {
++            qpdf->resolving.insert(og);
++        }
++        virtual ~ResolveRecorder()
++        {
++            this->qpdf->resolving.erase(og);
++        }
++      private:
++        QPDF* qpdf;
++        QPDFObjGen og;
++    };
++    friend class ResolveRecorder;
++
+     void parse(char const* password);
+     void warn(QPDFExc const& e);
+     void setTrailer(QPDFObjectHandle obj);
+@@ -1065,6 +1084,7 @@ class QPDF
+     std::map<QPDFObjGen, QPDFXRefEntry> xref_table;
+     std::set<int> deleted_objects;
+     std::map<QPDFObjGen, ObjCache> obj_cache;
++    std::set<QPDFObjGen> resolving;
+     QPDFObjectHandle trailer;
+     std::vector<QPDFObjectHandle> all_pages;
+     std::map<QPDFObjGen, int> pageobj_to_pages_pos;
+diff -up qpdf-6.0.0/libqpdf/QPDF.cc.detect-recursions qpdf-6.0.0/libqpdf/QPDF.cc
+--- qpdf-6.0.0/libqpdf/QPDF.cc.detect-recursions	2015-11-10 18:48:52.000000000 +0100
++++ qpdf-6.0.0/libqpdf/QPDF.cc	2017-08-02 08:42:19.070393817 +0200
+@@ -1453,6 +1453,20 @@ QPDF::resolve(int objid, int generation)
+     // to insert things into the object cache that don't actually
+     // exist in the file.
+     QPDFObjGen og(objid, generation);
++    if (this->resolving.count(og))
++    {
++        // This can happen if an object references itself directly or
++        // indirectly in some key that has to be resolved during
++        // object parsing, such as stream length.
++       warn(QPDFExc(qpdf_e_damaged_pdf, this->file->getName(),
++		        "", this->file->getLastOffset(),
++		        "loop detected resolving object " +
++		        QUtil::int_to_string(objid) + " " +
++		        QUtil::int_to_string(generation)));
++        return new QPDF_Null;
++    }
++    ResolveRecorder rr(this, og);
++
+     if (! this->obj_cache.count(og))
+     {
+ 	if (! this->xref_table.count(og))
diff --git a/qpdf.spec b/qpdf.spec
index 87521d3..2a5e05f 100644
--- a/qpdf.spec
+++ b/qpdf.spec
@@ -1,13 +1,14 @@
 Summary: Command-line tools and library for transforming PDF files
 Name:    qpdf
 Version: 6.0.0
-Release: 3%{?dist}
+Release: 4%{?dist}
 # MIT: e.g. libqpdf/sha2.c
 License: Artistic 2.0 and MIT
 URL:     http://qpdf.sourceforge.net/
 Source0: http://downloads.sourceforge.net/sourceforge/qpdf/qpdf-%{version}.tar.gz
 
 Patch0:  qpdf-doc.patch
+Patch1:  qpdf-6.0.0-detect-recursions.patch
 
 BuildRequires: zlib-devel
 BuildRequires: pcre-devel
@@ -63,6 +64,7 @@ QPDF Manual
 
 # fix 'complete manual location' note in man pages
 %patch0 -p1 -b .doc
+%patch1 -p1 -b .detect-recursions
 
 sed -i -e '1s,^#!/usr/bin/env perl,#!/usr/bin/perl,' qpdf/fix-qdf
 
@@ -108,6 +110,9 @@ make check
 
 
 %changelog
+* Thu Aug 03 2017 Zdenek Dohnal <zdohnal@redhat.com> - 6.0.0-4
+- 1477213 - Detect recursions loop resolving objects
+
 * Wed Aug 03 2016 Jiri Popelka <jpopelka@redhat.com> - 6.0.0-3
 - %%{_defaultdocdir}/qpdf/ -> %%{_pkgdocdir}