diff options
| author | Ken Sharp <ken.sharp@artifex.com> | 2022-06-07 15:44:43 +0100 |
|---|---|---|
| committer | Ken Sharp <ken.sharp@artifex.com> | 2022-06-07 15:44:43 +0100 |
| commit | bb2fd595dd08728323a86a24e0f5643383c92d03 (patch) | |
| tree | 3f6593626c4d4ea39c34e304ee61b548ad60b31b /pdf/pdf_repair.c | |
| parent | d6e66198cc2a32032c4e07c98565b1a1ac91047d (diff) | |
| download | ghostpdl-bb2fd595dd08728323a86a24e0f5643383c92d03.tar.gz | |
GhostPDF - prevent infinite loop on token parsing error
This exhibited with the file for the OSS-fuzz bug #42299, if we got an
invalid token after finding an 'endstream' (ie the endobj was missing)
then we could end up in an infinite loop trying to find a token and
failing.
Deal with that by treating an invalid key (after finding an endstream)
as if we had found an endobj.
Diffstat (limited to 'pdf/pdf_repair.c')
| -rw-r--r-- | pdf/pdf_repair.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pdf/pdf_repair.c b/pdf/pdf_repair.c index a5b5bf1ff..83d5a87c6 100644 --- a/pdf/pdf_repair.c +++ b/pdf/pdf_repair.c @@ -248,7 +248,7 @@ int pdfi_repair_file(pdf_context *ctx) code = pdfi_read_bare_keyword(ctx, ctx->main_stream); if (code == gs_error_VMerror || code == gs_error_ioerror) goto exit; - if (code == TOKEN_ENDOBJ) { + if (code == TOKEN_ENDOBJ || code == TOKEN_INVALID_KEY) { code = pdfi_repair_add_object(ctx, object_num, generation_num, offset); if (code == gs_error_VMerror || code == gs_error_ioerror) goto exit; |