File 0003-Fix-for-CVE-2017-5852-with-added-error-code.patch of Package podofo
Subject: Fix for CVE-2017-5852 with added error code
Url: https://sourceforge.net/p/podofo/code/1835/
--- a/podofo/trunk/src/base/PdfError.cpp
+++ b/podofo/trunk/src/base/PdfError.cpp
@@ -222,6 +222,9 @@
case ePdfError_InvalidEnumValue:
pszMsg = "ePdfError_InvalidEnumValue";
break;
+ case ePdfError_BrokenFile:
+ pszMsg = "ePdfError_BrokenFile";
+ break;
case ePdfError_PageNotFound:
pszMsg = "ePdfError_PageNotFound";
break;
@@ -396,6 +399,9 @@
break;
case ePdfError_InvalidEnumValue:
pszMsg = "An invalid enum value was specified.";
+ break;
+ case ePdfError_BrokenFile:
+ pszMsg = "The file content is broken.";
break;
case ePdfError_PageNotFound:
pszMsg = "The requested page could not be found in the PDF.";
--- a/podofo/trunk/src/base/PdfError.h
+++ b/podofo/trunk/src/base/PdfError.h
@@ -73,6 +73,7 @@
ePdfError_ValueOutOfRange, /**< The specified memory is out of the allowed range. */
ePdfError_InternalLogic, /**< An internal sanity check or assertion failed. */
ePdfError_InvalidEnumValue, /**< An invalid enum value was specified. */
+ ePdfError_BrokenFile, /**< The file content is broken. */
ePdfError_PageNotFound, /**< The requested page could not be found in the PDF. */
--- a/podofo/trunk/src/doc/PdfPage.cpp
+++ b/podofo/trunk/src/doc/PdfPage.cpp
@@ -228,6 +228,14 @@
if( inObject->GetDictionary().HasKey( "Parent" ) )
{
pObj = inObject->GetIndirectKey( "Parent" );
+ if( pObj == inObject )
+ {
+ std::ostringstream oss;
+ oss << "Object " << inObject->Reference().ObjectNumber() << " "
+ << inObject->Reference().GenerationNumber() << " references itself as Parent";
+ PODOFO_RAISE_ERROR_INFO( ePdfError_BrokenFile, oss.str().c_str() );
+ }
+
if( pObj )
pObj = GetInheritedKeyFromObject( inKey, pObj );
}
