51 lines
2.2 KiB
Diff
51 lines
2.2 KiB
Diff
From 1c5220a55e0df63c122ad172debd86763512f09d Mon Sep 17 00:00:00 2001
|
|
Subject: [PATCH] Fix CVE-2018-12123
|
|
---
|
|
.../java/org/apache/pdfbox/pdfparser/COSParser.java | 12 +++++++++---
|
|
1 file changed, 9 insertions(+), 3 deletions(-)
|
|
|
|
diff --git a/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java b/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java
|
|
index 524f2f5..751f4f1 100644
|
|
--- a/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java
|
|
+++ b/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java
|
|
@@ -2239,12 +2239,12 @@ public class COSParser extends BaseParser
|
|
COSBase pages = root.getDictionaryObject(COSName.PAGES);
|
|
if (pages instanceof COSDictionary)
|
|
{
|
|
- checkPagesDictionary((COSDictionary) pages);
|
|
+ checkPagesDictionary((COSDictionary) pages, new HashSet<COSObject>());
|
|
}
|
|
}
|
|
}
|
|
|
|
- private int checkPagesDictionary(COSDictionary pagesDict)
|
|
+ private int checkPagesDictionary(COSDictionary pagesDict, Set<COSObject> set)
|
|
{
|
|
// check for kids
|
|
COSBase kids = pagesDict.getDictionaryObject(COSName.KIDS);
|
|
@@ -2256,6 +2256,11 @@ public class COSParser extends BaseParser
|
|
for (COSBase kid : kidsList)
|
|
{
|
|
COSObject kidObject = (COSObject) kid;
|
|
+ if (set.contains(kidObject))
|
|
+ {
|
|
+ kidsArray.remove(kid);
|
|
+ continue;
|
|
+ }
|
|
COSBase kidBaseobject = kidObject.getObject();
|
|
// object wasn't dereferenced -> remove it
|
|
if (kidBaseobject.equals(COSNull.NULL))
|
|
@@ -2270,7 +2275,8 @@ public class COSParser extends BaseParser
|
|
if (COSName.PAGES.equals(type))
|
|
{
|
|
// process nested pages dictionaries
|
|
- numberOfPages += checkPagesDictionary(kidDictionary);
|
|
+ set.add(kidObject);
|
|
+ numberOfPages += checkPagesDictionary(kidDictionary, set);
|
|
}
|
|
else if (COSName.PAGE.equals(type))
|
|
{
|
|
--
|
|
2.23.0
|
|
|