[poppler] poppler/Catalog.cc poppler/Catalog.h qt5/src qt6/src

Wed Apr 13 23:29:07 UTC 2022

poppler/Catalog.cc            |    9 +++++++--
 poppler/Catalog.h             |    1 +
 qt5/src/poppler-annotation.cc |   18 ++++++++++--------
 qt6/src/poppler-annotation.cc |   18 ++++++++++--------
 4 files changed, 28 insertions(+), 18 deletions(-)

New commits:
commit 6a4bbacbfa0c914162ffb23cc759a9adafc9e295
Author: Albert Astals Cid <aacid at kde.org>
Date:   Thu Apr 14 01:23:55 2022 +0200

    Fix crash in very badly damaged documents when adding a freetext annotation
    
    oss-fuzz/46497

diff --git a/poppler/Catalog.cc b/poppler/Catalog.cc
index add93530..6fbf2dcf 100644
--- a/poppler/Catalog.cc
+++ b/poppler/Catalog.cc
@@ -1065,13 +1065,18 @@ Form *Catalog::getCreateForm()
 {
     catalogLocker();
     if (!form) {
+
+        Object catDict = xref->getCatalog();
+        if (!catDict.isDict()) {
+            error(errSyntaxError, -1, "Catalog object is wrong type ({0:s})", catDict.getTypeName());
+            return nullptr;
+        }
+
         if (!acroForm.isDict()) {
             acroForm = Object(new Dict(xref));
             acroForm.dictSet("Fields", Object(new Array(xref)));
 
             const Ref newFormRef = xref->addIndirectObject(acroForm);
-
-            Object catDict = xref->getCatalog();
             catDict.dictSet("AcroForm", Object(newFormRef));
 
             xref->setModifiedObject(&catDict, { xref->getRootNum(), xref->getRootGen() });
diff --git a/poppler/Catalog.h b/poppler/Catalog.h
index 03c7314c..03df89ac 100644
--- a/poppler/Catalog.h
+++ b/poppler/Catalog.h
@@ -227,6 +227,7 @@ public:
     };
 
     FormType getFormType();
+    // This can return nullptr if the document is in a very damaged state
     Form *getCreateForm();
     Form *getForm();
 
diff --git a/qt5/src/poppler-annotation.cc b/qt5/src/poppler-annotation.cc
index 851f78a8..a1804cb5 100644
--- a/qt5/src/poppler-annotation.cc
+++ b/qt5/src/poppler-annotation.cc
@@ -1988,15 +1988,17 @@ void TextAnnotationPrivate::setDefaultAppearanceToNative()
         std::string fontName = "Invalid_font";
         if (textFont) {
             Form *form = pdfPage->getDoc()->getCatalog()->getCreateForm();
-            fontName = form->findFontInDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
-            if (fontName.empty()) {
-                fontName = form->addFontToDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
-            }
+            if (form) {
+                fontName = form->findFontInDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
+                if (fontName.empty()) {
+                    fontName = form->addFontToDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
+                }
 
-            if (!fontName.empty()) {
-                form->ensureFontsForAllCharacters(pdfAnnot->getContents(), fontName);
-            } else {
-                fontName = "Invalid_font";
+                if (!fontName.empty()) {
+                    form->ensureFontsForAllCharacters(pdfAnnot->getContents(), fontName);
+                } else {
+                    fontName = "Invalid_font";
+                }
             }
         }
         DefaultAppearance da { { objName, fontName.c_str() }, pointSize, convertQColor(textColor) };
diff --git a/qt6/src/poppler-annotation.cc b/qt6/src/poppler-annotation.cc
index 4472f62f..4232fe8a 100644
--- a/qt6/src/poppler-annotation.cc
+++ b/qt6/src/poppler-annotation.cc
@@ -1626,15 +1626,17 @@ void TextAnnotationPrivate::setDefaultAppearanceToNative()
         std::string fontName = "Invalid_font";
         if (textFont) {
             Form *form = pdfPage->getDoc()->getCatalog()->getCreateForm();
-            fontName = form->findFontInDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
-            if (fontName.empty()) {
-                fontName = form->addFontToDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
-            }
+            if (form) {
+                fontName = form->findFontInDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
+                if (fontName.empty()) {
+                    fontName = form->addFontToDefaultResources(textFont->family().toStdString(), textFont->styleName().toStdString());
+                }
 
-            if (!fontName.empty()) {
-                form->ensureFontsForAllCharacters(pdfAnnot->getContents(), fontName);
-            } else {
-                fontName = "Invalid_font";
+                if (!fontName.empty()) {
+                    form->ensureFontsForAllCharacters(pdfAnnot->getContents(), fontName);
+                } else {
+                    fontName = "Invalid_font";
+                }
             }
         }
         DefaultAppearance da { { objName, fontName.c_str() }, pointSize, convertQColor(textColor) };
