From 3d35d209c19c1d3b09b794a0c863ba5de44a9c0a Mon Sep 17 00:00:00 2001

From: Marek Kasik <mkasik@redhat.com>

Date: Mon, 29 Oct 2018 17:44:47 +0100

Subject: [PATCH] Avoid cycles in PDF parsing

Mark objects being processed in Parser::makeStream() as being processed

and check the mark when entering this method to avoid processing

of the same object recursively.

---

 poppler/Parser.cc | 15 +++++++++++++++

 poppler/XRef.h    |  1 +

 2 files changed, 16 insertions(+)

diff --git a/poppler/Parser.cc b/poppler/Parser.cc

index bd4845ab..8f48efbe 100644

--- a/poppler/Parser.cc

+++ b/poppler/Parser.cc

@@ -197,6 +197,18 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,

   Stream *str;

   Goffset length;

   Goffset pos, endPos;

+  XRefEntry *entry = nullptr;

+

+  if (xref && (entry = xref->getEntry(objNum, false))) {

+    if (!entry->getFlag(XRefEntry::Parsing) ||

+        (objNum == 0 && objGen == 0)) {

+      entry->setFlag(XRefEntry::Parsing, true);

+    } else {

+      error(errSyntaxError, getPos(),

+            "Object '{0:d} {1:d} obj' is being already parsed", objNum, objGen);

+      return nullptr;

+    }

+  }

   // get stream start position

   lexer->skipToNextLine();

@@ -278,6 +290,9 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,

   // get filters

   str = str->addFilters(str->getDict(), recursion);

+  if (entry)

+    entry->setFlag(XRefEntry::Parsing, false);

+

   return str;

 }

diff --git a/poppler/XRef.h b/poppler/XRef.h

index 11ee5e03..2eb2f9fd 100644

--- a/poppler/XRef.h

+++ b/poppler/XRef.h

@@ -65,6 +65,7 @@ struct XRefEntry {

   enum Flag {

     // Regular flags

     Updated,     // Entry was modified

+    Parsing,     // Entry is currently being parsed

     // Special flags -- available only after xref->scanSpecialFlags() is run

     Unencrypted, // Entry is stored in unencrypted form (meaningless in unencrypted documents)

-- 

2.19.1