Sakurai/pdf.js
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #13784 from Snuffleupagus/issue-13783

Browse Source 
When parsing corrupt documents, avoid inserting obviously broken data in the XRef-table (issue 13783)
This commit is contained in:
Tim van der Meij 2021-07-24 14:37:39 +02:00 committed by GitHub
commit 7b6767d415
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 51 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/core/core_utils.js
View File

@ -58,6 +58,8 @@ class MissingDataException extends BaseException {
} }
} }
class ParserEOFException extends BaseException {}
class XRefEntryException extends BaseException {} class XRefEntryException extends BaseException {}
class XRefParseException extends BaseException {} class XRefParseException extends BaseException {}
@ -450,6 +452,7 @@ export {
isWhiteSpace, isWhiteSpace,
log2, log2,
MissingDataException, MissingDataException,
ParserEOFException,
parseXFAPath, parseXFAPath,
readInt8, readInt8,
readUint16, readUint16,

18
src/core/parser.js
View File

@ -33,7 +33,11 @@ import {
Name, Name,
Ref, Ref,
} from "./primitives.js"; } from "./primitives.js";
import { isWhiteSpace, MissingDataException } from "./core_utils.js"; import {
isWhiteSpace,
MissingDataException,
ParserEOFException,
} from "./core_utils.js";
import { Ascii85Stream } from "./ascii_85_stream.js"; import { Ascii85Stream } from "./ascii_85_stream.js";
import { AsciiHexStream } from "./ascii_hex_stream.js"; import { AsciiHexStream } from "./ascii_hex_stream.js";
import { CCITTFaxStream } from "./ccitt_stream.js"; import { CCITTFaxStream } from "./ccitt_stream.js";
@ -124,11 +128,11 @@ class Parser {
array.push(this.getObj(cipherTransform)); array.push(this.getObj(cipherTransform));
} }
if (isEOF(this.buf1)) { if (isEOF(this.buf1)) {
if (!this.recoveryMode) { if (this.recoveryMode) {
throw new FormatError("End of file inside array");
}
return array; return array;
} }
throw new ParserEOFException("End of file inside array.");
}
this.shift(); this.shift();
return array; return array;
case "<<": // dictionary or stream case "<<": // dictionary or stream
@ -148,11 +152,11 @@ class Parser {
dict.set(key, this.getObj(cipherTransform)); dict.set(key, this.getObj(cipherTransform));
} }
if (isEOF(this.buf1)) { if (isEOF(this.buf1)) {
if (!this.recoveryMode) { if (this.recoveryMode) {
throw new FormatError("End of file inside dictionary");
}
return dict; return dict;
} }
throw new ParserEOFException("End of file inside dictionary.");
}
// Stream objects are not allowed inside content streams or // Stream objects are not allowed inside content streams or
// object streams. // object streams.

30
src/core/xref.js
View File

@ -33,6 +33,7 @@ import {
import { Lexer, Parser } from "./parser.js"; import { Lexer, Parser } from "./parser.js";
import { import {
MissingDataException, MissingDataException,
ParserEOFException,
XRefEntryException, XRefEntryException,
XRefParseException, XRefParseException,
} from "./core_utils.js"; } from "./core_utils.js";
@ -453,15 +454,38 @@ class XRef {
} else if ((m = objRegExp.exec(token))) { } else if ((m = objRegExp.exec(token))) {
const num = m[1] | 0, const num = m[1] | 0,
gen = m[2] | 0; gen = m[2] | 0;
if (!this.entries[num] || this.entries[num].gen === gen) {
let contentLength,
startPos = position + token.length,
updateEntries = false;
if (!this.entries[num]) {
updateEntries = true;
} else if (this.entries[num].gen === gen) {
// Before overwriting an existing entry, ensure that the new one won't
// cause *immediate* errors when it's accessed (fixes issue13783.pdf).
try {
const parser = new Parser({
lexer: new Lexer(stream.makeSubStream(startPos)),
});
parser.getObj();
updateEntries = true;
} catch (ex) {
if (ex instanceof ParserEOFException) {
warn(`indexObjects -- checking object (${token}): "${ex}".`);
} else {
// The error may come from the `Parser`-instance being initialized
// without an `XRef`-instance (we don't have a usable one yet).
updateEntries = true;
}
}
}
if (updateEntries) {
this.entries[num] = { this.entries[num] = {
offset: position - stream.start, offset: position - stream.start,
gen, gen,
uncompressed: true, uncompressed: true,
}; };
} }
let contentLength,
startPos = position + token.length;
// Find the next "obj" string, rather than "endobj", to ensure that // Find the next "obj" string, rather than "endobj", to ensure that
// we won't skip over a new 'obj' operator in corrupt files where // we won't skip over a new 'obj' operator in corrupt files where

1
test/pdfs/issue13783.pdf.link Normal file
View File

@ -0,0 +1 @@
https://github.com/mozilla/pdf.js/files/6869824/TimeTravel.pdf

9
test/test_manifest.json
View File

@ -1382,6 +1382,15 @@
"enableXfa": true, "enableXfa": true,
"type": "eq" "type": "eq"
}, },
{ "id": "issue13783",
"file": "pdfs/issue13783.pdf",
"md5": "6958d827afa566efbd82f53271ea5cd6",
"link": true,
"rounds": 1,
"firstPage": 7,
"lastPage": 7,
"type": "eq"
},
{ "id": "issue9262", { "id": "issue9262",
"file": "pdfs/issue9262_reduced.pdf", "file": "pdfs/issue9262_reduced.pdf",
"md5": "5347ce2d7b3866625c22e115fd90e0de", "md5": "5347ce2d7b3866625c22e115fd90e0de",