Update the token reading code to protect against obvious format abuses.

Update the xref loading code to protect against looping xref tables.
2025-07-18 23:09:49 +02:00 · 2023-12-07 17:50:52 -05:00
parent ed723a46dc
commit c992b2ba89
3 changed files with 62 additions and 5 deletions
--- a/pdfio-file.c
+++ b/pdfio-file.c
@ -2091,8 +2091,19 @@ load_xref(
    PDFIO_DEBUG_VALUE(&trailer);
    PDFIO_DEBUG("\n");

-    if ((xref_offset = (off_t)pdfioDictGetNumber(trailer.value.dict, "Prev")) <= 0)
+    off_t new_offset = (off_t)pdfioDictGetNumber(trailer.value.dict, "Prev");
+
+    if (new_offset <= 0)
+    {
      done = true;
+    }
+    else if (new_offset == xref_offset)
+    {
+      _pdfioFileError(pdf, "Recursive xref table.");
+      return (false);
+    }
+
+    xref_offset = new_offset;
  }

  // Once we have all of the xref tables loaded, get the important objects and