Closed peteris-zealid closed 1 year ago
Thanks, as always! Good catch, and indeed a dangerous bug. I have a fix queued up, hang on :)
Merged (as you probably noticed), and I also just did a bugfix release (0.17.1) to address this. Thanks again!
You might want to handle the `skip_over_comment` as well. Not sure if it can be exploited, but why take chances.
Ah, good point... I only looked at usages of `PDF_WHITESPACE`, but `skip_over_comment` indeed has a similar issue. Will take a look at that one as well.
Also dealt with. Thanks!
In the function `skip_over_whitespace` there are these lines

if the stream has reached the end then `tok == b""`. This causes an infinite loop. This bug can be exploited by passing a corrupted PDF where the pointer to the xref table actually points behind the end of file. In particular these lines in `read_xrefs`

Proposed solution is to check against the empty buffer and raise an error.
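The failure mode and the proposed check from this issue, as an added example that is not part of the original thread and not the project's own code. The value of `PDF_WHITESPACE`, the `PdfReadError` type, the function bodies and the sample bytes are assumptions made for illustration; the iteration cap exists only so the unchecked loop terminates here.

```python
import io

# Assumption: the page names PDF_WHITESPACE but does not show it; a bytes
# constant tested with `in` is assumed here.
PDF_WHITESPACE = b" \n\r\t\f\x00"


class PdfReadError(Exception):
    """Hypothetical error type for this example."""


def skip_over_whitespace_unsafe(stream, max_iterations=10_000):
    """Loop with no EOF check. Returns the number of iterations; the cap
    stands in for the infinite loop so that the example terminates."""
    iterations = 0
    tok = stream.read(1)
    while tok in PDF_WHITESPACE:  # b"" in <bytes> is always True
        iterations += 1
        if iterations >= max_iterations:
            return iterations
        tok = stream.read(1)
    stream.seek(-1, io.SEEK_CUR)
    return iterations


def skip_over_whitespace_checked(stream):
    """Same scan, but an empty read (end of stream) raises an error.
    Returns True if any whitespace was skipped."""
    skipped = False
    while True:
        tok = stream.read(1)
        if tok == b"":
            raise PdfReadError("stream ended while skipping whitespace")
        if tok not in PDF_WHITESPACE:
            stream.seek(-1, io.SEEK_CUR)
            return skipped
        skipped = True


def stream_at(data, offset):
    """Constructed input: seek to an xref offset taken from the file."""
    stream = io.BytesIO(data)
    stream.seek(offset)  # seeking past the end is allowed; reads return b""
    return stream


SAMPLE = b"%PDF-1.7\n  \n xref\n"  # constructed, not a real PDF
```

A file that simply ends in whitespace reaches the same state as an out-of-range offset, so the empty-read check belongs in the loop itself rather than only at the point where the offset is read.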