You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pdfbox.apache.org by le...@apache.org on 2021/04/25 10:35:50 UTC

svn commit: r1889168 - /pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFObjectStreamParser.java

Author: lehmi
Date: Sun Apr 25 10:35:50 2021
New Revision: 1889168

URL: http://svn.apache.org/viewvc?rev=1889168&view=rev
Log:
PDFBOX-5177: don't use number of objects to initialize list of objects, don't read beyond the part of the stream reserved for object numbers

Modified:
    pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFObjectStreamParser.java

Modified: pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFObjectStreamParser.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFObjectStreamParser.java?rev=1889168&r1=1889167&r2=1889168&view=diff
==============================================================================
--- pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFObjectStreamParser.java (original)
+++ pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFObjectStreamParser.java Sun Apr 25 10:35:50 2021
@@ -92,7 +92,7 @@ public class PDFObjectStreamParser exten
         try
         {
             Map<Integer, Long> offsets = readOffsets();
-            streamObjects = new ArrayList<COSObject>( numberOfObjects );
+            streamObjects = new ArrayList<COSObject>(offsets.size());
             for (Entry<Integer, Long> offset : offsets.entrySet())
             {
                 COSBase cosObject = parseObject(offset.getKey());
@@ -128,8 +128,14 @@ public class PDFObjectStreamParser exten
         // but we can't rely on that, so that we have to sort the offsets
         // as the sequential parsers relies on it, see PDFBOX-4927
         Map<Integer, Long> objectNumbers = new TreeMap<Integer, Long>();
+        long firstObjectPosition = seqSource.getPosition() + firstObject - 1;
         for (int i = 0; i < numberOfObjects; i++)
         {
+            // don't read beyond the part of the stream reserved for the object numbers
+            if (seqSource.getPosition() >= firstObjectPosition)
+            {
+                break;
+            }
             long objectNumber = readObjectNumber();
             int offset = (int) readLong();
             objectNumbers.put(offset, objectNumber);