[poppler] poppler/Dict.cc poppler/Dict.h poppler/Object.cc poppler/Object.h poppler/Parser.cc poppler/XRef.cc poppler/XRef.h

Albert Astals Cid aacid at kemper.freedesktop.org
Sat Nov 20 13:32:47 PST 2010


 poppler/Dict.cc   |    4 ++--
 poppler/Dict.h    |    2 +-
 poppler/Object.cc |    4 ++--
 poppler/Object.h  |    8 ++++----
 poppler/Parser.cc |    2 +-
 poppler/XRef.cc   |    4 ++--
 poppler/XRef.h    |    2 +-
 7 files changed, 13 insertions(+), 13 deletions(-)

New commits:
commit b0555189a7fbd7f6a899e582783b9e0df44d5d6a
Author: Albert Astals Cid <aacid at kde.org>
Date:   Sat Nov 20 21:32:24 2010 +0000

    Protect against more loops when parsing

diff --git a/poppler/Dict.cc b/poppler/Dict.cc
index 4dbf641..9749c25 100644
--- a/poppler/Dict.cc
+++ b/poppler/Dict.cc
@@ -189,10 +189,10 @@ GBool Dict::is(char *type) {
   return (e = find("Type")) && e->val.isName(type);
 }
 
-Object *Dict::lookup(char *key, Object *obj) {
+Object *Dict::lookup(char *key, Object *obj, int fetchOriginatorNum) {
   DictEntry *e;
 
-  return (e = find(key)) ? e->val.fetch(xref, obj) : obj->initNull();
+  return (e = find(key)) ? e->val.fetch(xref, obj, fetchOriginatorNum) : obj->initNull();
 }
 
 Object *Dict::lookupNF(char *key, Object *obj) {
diff --git a/poppler/Dict.h b/poppler/Dict.h
index 6dfc403..bab0277 100644
--- a/poppler/Dict.h
+++ b/poppler/Dict.h
@@ -72,7 +72,7 @@ public:
 
   // Look up an entry and return the value.  Returns a null object
   // if <key> is not in the dictionary.
-  Object *lookup(char *key, Object *obj);
+  Object *lookup(char *key, Object *obj, int fetchOriginatorNum = -1);
   Object *lookupNF(char *key, Object *obj);
   GBool lookupInt(const char *key, const char *alt_key, int *value);
 
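Review bot: The comment above `lookup` still describes only the key lookup and says nothing about the new `fetchOriginatorNum` argument, so a caller cannot tell what the default `-1` means. I would add something like `// <fetchOriginatorNum> is the number of the object the caller is parsing; a reference back to that object is not followed. -1 disables the check.` The `-1` reading follows from the `num < 0` test in XRef::fetch, but what a rejected fetch returns is decided at that function's `err` label, which is outside the visible hunks, so confirm that before documenting it. The same gap applies to `Object::fetch` and `dictLookup` in Object.h and to `XRef::fetch` in XRef.h.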
diff --git a/poppler/Object.cc b/poppler/Object.cc
index 9c05557..af89c29 100644
--- a/poppler/Object.cc
+++ b/poppler/Object.cc
@@ -115,9 +115,9 @@ Object *Object::copy(Object *obj) {
   return obj;
 }
 
-Object *Object::fetch(XRef *xref, Object *obj) {
+Object *Object::fetch(XRef *xref, Object *obj, int fetchOriginatorNum) {
   return (type == objRef && xref) ?
-         xref->fetch(ref.num, ref.gen, obj) : copy(obj);
+         xref->fetch(ref.num, ref.gen, obj, fetchOriginatorNum) : copy(obj);
 }
 
 void Object::free() {
diff --git a/poppler/Object.h b/poppler/Object.h
index 6d60d0f..8dd9063 100644
--- a/poppler/Object.h
+++ b/poppler/Object.h
@@ -153,7 +153,7 @@ public:
 
   // If object is a Ref, fetch and return the referenced object.
   // Otherwise, return a copy of the object.
-  Object *fetch(XRef *xref, Object *obj);
+  Object *fetch(XRef *xref, Object *obj, int fetchOriginatorNum = -1);
 
   // Free object contents.
   void free();
@@ -212,7 +212,7 @@ public:
   void dictAdd(char *key, Object *val);
   void dictSet(char *key, Object *val);
   GBool dictIs(char *dictType);
-  Object *dictLookup(char *key, Object *obj);
+  Object *dictLookup(char *key, Object *obj, int fetchOriginatorNum = -1);
   Object *dictLookupNF(char *key, Object *obj);
   char *dictGetKey(int i);
   Object *dictGetVal(int i, Object *obj);
@@ -299,8 +299,8 @@ inline GBool Object::dictIs(char *dictType)
 inline GBool Object::isDict(char *dictType)
   { return type == objDict && dictIs(dictType); }
 
-inline Object *Object::dictLookup(char *key, Object *obj)
-  { OBJECT_TYPE_CHECK(objDict); return dict->lookup(key, obj); }
+inline Object *Object::dictLookup(char *key, Object *obj, int fetchOriginatorNum)
+  { OBJECT_TYPE_CHECK(objDict); return dict->lookup(key, obj, fetchOriginatorNum); }
 
 inline Object *Object::dictLookupNF(char *key, Object *obj)
   { OBJECT_TYPE_CHECK(objDict); return dict->lookupNF(key, obj); }
diff --git a/poppler/Parser.cc b/poppler/Parser.cc
index 5f8e15d..8ee927c 100644
--- a/poppler/Parser.cc
+++ b/poppler/Parser.cc
@@ -173,7 +173,7 @@ Stream *Parser::makeStream(Object *dict, Guchar *fileKey,
   pos = lexer->getPos();
 
   // get length
-  dict->dictLookup("Length", &obj);
+  dict->dictLookup("Length", &obj, objNum);
   if (obj.isInt()) {
     length = (Guint)obj.getInt();
     obj.free();
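Review bot: The `// get length` comment no longer explains the call, because the new third argument is what makes a Length entry that refers to the stream's own object fail instead of starting a nested parse. I would change it to `// get length; pass objNum so a Length that refers back to this object is rejected by XRef::fetch`. When that rejection happens `obj` is presumably not an int, so the stream length is decided by the non-int branch, which is outside the hunk and should be checked for this case. makeStream starts and ends outside the hunk.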
diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index 97bbcb7..c7cdc89 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -967,13 +967,13 @@ GBool XRef::okToAssemble(GBool ignoreOwnerPW) {
   return (!ignoreOwnerPW && ownerPasswordOk) || (permFlags & permAssemble);
 }
 
-Object *XRef::fetch(int num, int gen, Object *obj) {
+Object *XRef::fetch(int num, int gen, Object *obj, int fetchOriginatorNum) {
   XRefEntry *e;
   Parser *parser;
   Object obj1, obj2, obj3;
 
   // check for bogus ref - this can happen in corrupted PDF files
-  if (num < 0 || num >= size) {
+  if (num < 0 || num >= size || num == fetchOriginatorNum) {
     goto err;
   }
 
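Review bot: The added `num == fetchOriginatorNum` test stops only a reference that points straight back at the object that started the fetch. As far as these hunks show, a chain that goes through a second object first would carry a different originator at each step, so this comparison would not stop it. Within this commit only `Parser::makeStream` passes a real originator, so every other lookup keeps the default `-1` and gets no loop protection. Because this path parses untrusted PDF input, a bound that does not depend on cycle length would cover both cases, for example a recursion-depth counter threaded through `fetch` or a set of object numbers currently being fetched. The rest of `fetch`, including the `err` label, is outside the hunk.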
diff --git a/poppler/XRef.h b/poppler/XRef.h
index 2401332..de11428 100644
--- a/poppler/XRef.h
+++ b/poppler/XRef.h
@@ -101,7 +101,7 @@ public:
   Object *getCatalog(Object *obj) { return fetch(rootNum, rootGen, obj); }
 
   // Fetch an indirect reference.
-  Object *fetch(int num, int gen, Object *obj);
+  Object *fetch(int num, int gen, Object *obj, int fetchOriginatorNum = -1);
 
   // Return the document's Info dictionary (if any).
   Object *getDocInfo(Object *obj);

