You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pdfbox.apache.org by le...@apache.org on 2022/06/11 12:12:31 UTC

svn commit: r1901825 - /pdfbox/branches/2.0/preflight/src/main/java/org/apache/pdfbox/preflight/process/StreamValidationProcess.java

Author: lehmi
Date: Sat Jun 11 12:12:31 2022
New Revision: 1901825

URL: http://svn.apache.org/viewvc?rev=1901825&view=rev
Log:
PDFBOX-4925: skip (most of) the dictionary to avoid false positive findings of the key word "stream"

Modified:
    pdfbox/branches/2.0/preflight/src/main/java/org/apache/pdfbox/preflight/process/StreamValidationProcess.java

Modified: pdfbox/branches/2.0/preflight/src/main/java/org/apache/pdfbox/preflight/process/StreamValidationProcess.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/preflight/src/main/java/org/apache/pdfbox/preflight/process/StreamValidationProcess.java?rev=1901825&r1=1901824&r2=1901825&view=diff
==============================================================================
--- pdfbox/branches/2.0/preflight/src/main/java/org/apache/pdfbox/preflight/process/StreamValidationProcess.java (original)
+++ pdfbox/branches/2.0/preflight/src/main/java/org/apache/pdfbox/preflight/process/StreamValidationProcess.java Sat Jun 11 12:12:31 2022
@@ -123,6 +123,33 @@ public class StreamValidationProcess ext
         // else Filter entry is optional
     }
 
+    private boolean readUntilEndOfDictionaryStream(InputStream ra) throws IOException
+    {
+        boolean search = true;
+        boolean maybe = false;
+        do
+        {
+            int c = ra.read();
+            switch (c)
+            {
+            case '>':
+                if (maybe)
+                {
+                    return true;
+                }
+                maybe = true;
+                break;
+            case -1:
+                search = false;
+                break;
+            default:
+                maybe = false;
+                break;
+            }
+        } while (search);
+        return false;
+    }
+
     private boolean readUntilStream(InputStream ra) throws IOException
     {
         boolean search = true;
@@ -225,6 +252,14 @@ public class StreamValidationProcess ext
                     skipped += curSkip;
                 }
 
+                // skip (most of) the dictionary to avoid false positives, see PDFBOX-4925
+                if (!readUntilEndOfDictionaryStream(ra))
+                {
+                    addValidationError(context, new ValidationError(ERROR_SYNTAX_STREAM_DAMAGED,
+                            "Unable to find end of dictionary"));
+                    return;
+                }
+
                 // ---- go to the stream key word
                 if (readUntilStream(ra))
                 {