[poppler] poppler/poppler: Lexer.cc, 1.2, 1.3 Lexer.h, 1.2, 1.3 Parser.cc, 1.3, 1.4 Parser.h, 1.2, 1.3 XRef.cc, 1.10, 1.11 XRef.h, 1.5, 1.6

Albert Astals Cid aacid at freedesktop.org
Tue Jan 17 13:35:33 PST 2006 

Update of /cvs/poppler/poppler/poppler
In directory gabe:/tmp/cvs-serv2968/poppler

Modified Files:
	Lexer.cc Lexer.h Parser.cc Parser.h XRef.cc XRef.h 
Log Message:
When doing the parsing check with XREF we did not grow too much. Fixes serialata10a.pdf


Index: Lexer.cc
===================================================================
RCS file: /cvs/poppler/poppler/poppler/Lexer.cc,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- Lexer.cc	31 Aug 2005 15:28:46 -0000	1.2
+++ Lexer.cc	17 Jan 2006 21:35:31 -0000	1.3
@@ -18,6 +18,7 @@
 #include <ctype.h>
 #include "Lexer.h"
 #include "Error.h"
+#include "XRef.h"
 
 //------------------------------------------------------------------------
 
@@ -46,9 +47,11 @@
 // Lexer
 //------------------------------------------------------------------------
 
-Lexer::Lexer(XRef *xref, Stream *str) {
+Lexer::Lexer(XRef *xrefA, Stream *str) {
   Object obj;
 
+  xref = xrefA;
+
   curStr.initStream(str);
   streams = new Array(xref);
   streams->add(curStr.copy(&obj));
@@ -57,9 +60,11 @@
   curStr.streamReset();
 }
 
-Lexer::Lexer(XRef *xref, Object *obj) {
+Lexer::Lexer(XRef *xrefA, Object *obj) {
   Object obj2;
 
+  xref = xrefA;
+
   if (obj->isStream()) {
     streams = new Array(xref);
     freeArray = gTrue;
@@ -108,7 +113,7 @@
   return curStr.streamLookChar();
 }
 
-Object *Lexer::getObj(Object *obj) {
+Object *Lexer::getObj(Object *obj, int objNum) {
   char *p;
   int c, c2;
   GBool comment, neg, done;
@@ -291,6 +296,17 @@
 	    s->append(tokBuf, tokBufSize);
 	  p = tokBuf;
 	  n = 0;
+	  
+	  // we are growing see if the document is not malformed and we are growing too much
+	  if (objNum != -1)
+	  {
+	    int newObjNum = xref->getNumEntry(getPos());
+	    if (newObjNum != objNum)
+	    {
+	      error(getPos(), "Unterminated string");
+	      done = gTrue;
+	    }
+	  }
 	}
 	*p++ = (char)c2;
 	++n;

Index: Lexer.h
===================================================================
RCS file: /cvs/poppler/poppler/poppler/Lexer.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- Lexer.h	31 Aug 2005 15:28:46 -0000	1.2
+++ Lexer.h	17 Jan 2006 21:35:31 -0000	1.3
@@ -29,17 +29,17 @@
 
   // Construct a lexer for a single stream.  Deletes the stream when
   // lexer is deleted.
-  Lexer(XRef *xref, Stream *str);
+  Lexer(XRef *xrefA, Stream *str);
 
   // Construct a lexer for a stream or array of streams (assumes obj
   // is either a stream or array of streams).
-  Lexer(XRef *xref, Object *obj);
+  Lexer(XRef *xrefA, Object *obj);
 
   // Destructor.
   ~Lexer();
 
   // Get the next object from the input stream.
-  Object *getObj(Object *obj);
+  Object *getObj(Object *obj, int objNum = -1);
 
   // Skip to the beginning of the next line in the input stream.
   void skipToNextLine();
@@ -73,6 +73,8 @@
   Object curStr;		// current stream
   GBool freeArray;		// should lexer free the streams array?
   char tokBuf[tokBufSize];	// temporary token buffer
+
+  XRef *xref;
 };
 
 #endif

Index: Parser.cc
===================================================================
RCS file: /cvs/poppler/poppler/poppler/Parser.cc,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -d -r1.3 -r1.4
--- Parser.cc	20 Sep 2005 15:27:31 -0000	1.3
+++ Parser.cc	17 Jan 2006 21:35:31 -0000	1.4
@@ -68,7 +68,7 @@
 
   // dictionary or stream
   } else if (buf1.isCmd("<<")) {
-    shift();
+    shift(objNum);
     obj->initDict(xref);
     while (!buf1.isCmd(">>") && !buf1.isEOF()) {
       if (!buf1.isName()) {
@@ -192,7 +192,7 @@
   return str;
 }
 
-void Parser::shift() {
+void Parser::shift(int objNum) {
   if (inlineImg > 0) {
     if (inlineImg < 2) {
       ++inlineImg;
@@ -210,5 +210,5 @@
   if (inlineImg > 0)		// don't buffer inline image data
     buf2.initNull();
   else
-    lexer->getObj(&buf2);
+    lexer->getObj(&buf2, objNum);
 }

Index: Parser.h
===================================================================
RCS file: /cvs/poppler/poppler/poppler/Parser.h,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -d -r1.2 -r1.3
--- Parser.h	16 Sep 2005 18:29:18 -0000	1.2
+++ Parser.h	17 Jan 2006 21:35:31 -0000	1.3
@@ -47,7 +47,7 @@
   int inlineImg;		// set when inline image data is encountered
 
   Stream *makeStream(Object *dict);
-  void shift();
+  void shift(int objNum = -1);
 };
 
 #endif

Index: XRef.cc
===================================================================
RCS file: /cvs/poppler/poppler/poppler/XRef.cc,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- XRef.cc	20 Sep 2005 14:59:43 -0000	1.10
+++ XRef.cc	17 Jan 2006 21:35:31 -0000	1.11
@@ -934,6 +934,23 @@
   return gTrue;
 }
 
+int XRef::getNumEntry(int offset) const
+{
+  int res = -1;
+  int resOffset = -1;
+  XRefEntry e;
+  for (int i = 0; i < size; ++i)
+  {
+    e = entries[i];
+    if (e.offset < offset && e.offset > resOffset)
+    {
+      res = i;
+      resOffset = e.offset;
+    }
+  }
+  return res;
+}
+
 Guint XRef::strToUnsigned(char *s) {
   Guint x;
   char *p;

Index: XRef.h
===================================================================
RCS file: /cvs/poppler/poppler/poppler/XRef.h,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- XRef.h	20 Sep 2005 14:00:43 -0000	1.5
+++ XRef.h	17 Jan 2006 21:35:31 -0000	1.6
@@ -94,6 +94,9 @@
   // Returns false if unknown or file is not damaged.
   GBool getStreamEnd(Guint streamStart, Guint *streamEnd);
 
+  // Retuns the entry that belongs to the offset
+  int getNumEntry(int offset) const;
+
   // Direct access.
   int getSize() { return size; }
   XRefEntry *getEntry(int i) { return &entries[i]; }

More information about the poppler mailing list