1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 04:57:44 +00:00

LibPDF: Do not crash on encrypted files that start unluckily

PDF files can be linearized. In that case, they start with a
"linearization dict" that stores the key `/Linearized` and the value
`1`. To check if a file is linearized, we just read the first dict, and
then checked if it has that key.

If the first object of a PDF was a stream with a compression filter
and the input PDF was encrypted and not linearized, then us trying to
decode the linearization dict could crash due to stream contents being
encrypted, decryption state not yet being initialized, and us trying
to decompress stream data before decrypting it.

To prevent this, disable uncompression when parsing the first object
to determine if it's a lineralization dictionary.

(A linearization dict never stores string values, so decryption
not yet being initialized is not a problem. Integer values aren't
encrypted in encrypted PDF files.)
This commit is contained in:
Nico Weber 2023-07-10 15:49:48 -04:00 committed by Andreas Kling
parent c781686198
commit 39b2eed3f6
3 changed files with 19 additions and 1 deletions

View file

@ -474,7 +474,7 @@ PDFErrorOr<NonnullRefPtr<StreamObject>> Parser::parse_stream(NonnullRefPtr<DictO
if (m_document->security_handler() && m_enable_encryption)
m_document->security_handler()->decrypt(stream_object, m_current_reference_stack.last());
if (dict->contains(CommonNames::Filter)) {
if (dict->contains(CommonNames::Filter) && m_enable_filters) {
Vector<DeprecatedFlyString> filters;
// We may either get a single filter or an array of cascading filters