mirrors/pdf.js
1
0
Fork 0
mirror of https://github.com/mozilla/pdf.js.git synced 2025-04-23 16:48:08 +02:00
Code Activity

Catch circular references in /Form XObjects (issue 19800)

Browse source 
For simplicity we will abort /Form XObject parsing *immediately* when encountering a circular reference, rather than letting it continue up until some limit (as e.g. PDFium appears to do), which should be fine since there are never any guarantees if/how *corrupt* PDF documents will render.
This commit is contained in:
Jonas Jenwald 2025-04-11 12:38:13 +02:00
parent 7a94fafd30
commit 1048508dd1
4 changed files with 143 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

43
src/core/evaluator.js
View file

@ -462,7 +462,8 @@ class PartialEvaluator {
operatorList,
task,
initialState,
localColorSpaceCache
localColorSpaceCache,
seenRefs
) {
const dict = xobj.dict;
const matrix = lookupMatrix(dict.getArray("Matrix"), null);
@ -526,6 +527,7 @@ class PartialEvaluator {
resources: dict.get("Resources") || resources,
operatorList,
initialState,
prevRefs: seenRefs,
});
operatorList.addOp(OPS.paintFormXObjectEnd, []);
@ -850,7 +852,8 @@ class PartialEvaluator {
operatorList,
task,
stateManager,
localColorSpaceCache
localColorSpaceCache,
seenRefs
) {
const smaskContent = smask.get("G");
const smaskOptions = {
@ -880,7 +883,8 @@ class PartialEvaluator {
operatorList,
task,
stateManager.state.clone({ newPath: true }),
localColorSpaceCache
localColorSpaceCache,
seenRefs
);
}
@ -1065,6 +1069,7 @@ class PartialEvaluator {
stateManager,
localGStateCache,
localColorSpaceCache,
seenRefs,
}) {
const gStateRef = gState.objId;
let isSimpleGState = true;
@ -1127,7 +1132,8 @@ class PartialEvaluator {
operatorList,
task,
stateManager,
localColorSpaceCache
localColorSpaceCache,
seenRefs
)
);
gStateObj.push([key, true]);
@ -1696,7 +1702,19 @@ class PartialEvaluator {
operatorList,
initialState = null,
fallbackFontDict = null,
prevRefs = null,
}) {
const objId = stream.dict?.objId;
const seenRefs = new RefSet(prevRefs);
if (objId) {
if (prevRefs?.has(objId)) {
throw new Error(
`getOperatorList - ignoring circular reference: ${objId}`
);
}
seenRefs.put(objId);
}
// Ensure that `resources`/`initialState` is correctly initialized,
// even if the provided parameter is e.g. `null`.
resources ||= Dict.empty;
@ -1808,7 +1826,8 @@ class PartialEvaluator {
operatorList,
task,
stateManager.state.clone({ newPath: true }),
localColorSpaceCache
localColorSpaceCache,
seenRefs
)
.then(function () {
stateManager.restore();
@ -2158,6 +2177,7 @@ class PartialEvaluator {
stateManager,
localGStateCache,
localColorSpaceCache,
seenRefs,
})
.then(resolveGState, rejectGState);
}).catch(function (reason) {
@ -2339,7 +2359,19 @@ class PartialEvaluator {
markedContentData = null,
disableNormalization = false,
keepWhiteSpace = false,
prevRefs = null,
}) {
const objId = stream.dict?.objId;
const seenRefs = new RefSet(prevRefs);
if (objId) {
if (prevRefs?.has(objId)) {
throw new Error(
`getTextContent - ignoring circular reference: ${objId}`
);
}
seenRefs.put(objId);
}
// Ensure that `resources`/`stateManager` is correctly initialized,
// even if the provided parameter is e.g. `null`.
resources ||= Dict.empty;
@ -3326,6 +3358,7 @@ class PartialEvaluator {
markedContentData,
disableNormalization,
keepWhiteSpace,
prevRefs: seenRefs,
})
.then(function () {
if (!sinkWrapper.enqueueInvoked) {