authorKen Sharp <ken.sharp@artifex.com>2022-02-28 13:57:19 +0000
committerChris Liddell <chris.liddell@artifex.com>2022-02-28 15:43:58 +0000
commite0273c9faa1b6dd53b759ec9d514120a7744d4bf (patch)
tree254889da02a97ecef516f648b67d7f2950b8e492
parentdd30fa1275e71327ebee7393ca0c8f77aec3d051 (diff)
downloadghostpdl-e0273c9faa1b6dd53b759ec9d514120a7744d4bf.tar.gz
OSS-fuzz #45030
The code to retrieve a page dictionary was assuming that, if we reached a node in the pages tree which contained a dictionary, it was a page dictionary. This file, however, has a node in the Pages tree which has a Kids array containing a reference back to a dictionary which is the Root of the Pages tree. This commit checks the dictionary to see if it is already in the loop detection array; if it is, then we've already visited it, so this must be a circular reference. Also removed a couple of unused variables that were causing compiler warnings.
-rw-r--r--pdf/pdf_doc.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/pdf/pdf_doc.c b/pdf/pdf_doc.c
index 16a13fd98..be71dfcb9 100644
--- a/pdf/pdf_doc.c
+++ b/pdf/pdf_doc.c
@@ -347,6 +347,12 @@ static int pdfi_get_child(pdf_context *ctx, pdf_array *Kids, int i, pdf_dict **p
leaf_dict = NULL;
}
} else {
+ if (ctx->loop_detection != NULL) {
+ if (node->object_num != 0 && pdfi_loop_detector_check_object(ctx, node->object_num)) {
+ code = gs_note_error(gs_error_circular_reference);
+ goto errorExit;
+ }
+ }
child = (pdf_dict *)node;
pdfi_countup(child);
}
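Review bot: The new guard in the `else` branch fails open: when `ctx->loop_detection` is NULL or `node->object_num` is 0 the check is skipped, and `node` is still cast to `pdf_dict *` and counted up as a page dictionary. It also rejects only objects the loop detector has already recorded, so a non-page dictionary that has not been visited yet would presumably still be accepted here; whether a /Type check happens elsewhere in pdfi_get_child is not visible in this hunk. I would at least document the assumption above the guard, if this is the reasoning, e.g. `/* Direct dictionaries (object_num == 0) cannot be the target of a reference, so only indirect objects are checked for cycles */`, and confirm that no caller reaches this path without a loop detector. The function starts and ends outside the hunk, so the cleanup at `errorExit` should be checked against the references held at this point.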
@@ -708,8 +714,6 @@ exit:
static int pdfi_doc_mark_the_outline(pdf_context *ctx, pdf_dict *outline)
{
int code = 0;
- int64_t count = 0;
- int64_t numkids = 0;
pdf_dict *tempdict = NULL;
uint64_t dictsize;
uint64_t index;