You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@pdfbox.apache.org by le...@apache.org on 2022/02/02 07:04:11 UTC

svn commit: r1897684 - /pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/BaseParser.java

Author: lehmi
Date: Wed Feb  2 07:04:11 2022
New Revision: 1897684

URL: http://svn.apache.org/viewvc?rev=1897684&view=rev
Log:
PDFBOX-5339: check object number and generation number for invalid values

Modified:
    pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/BaseParser.java

Modified: pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/BaseParser.java
URL: http://svn.apache.org/viewvc/pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/BaseParser.java?rev=1897684&r1=1897683&r2=1897684&view=diff
==============================================================================
--- pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/BaseParser.java (original)
+++ pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/BaseParser.java Wed Feb  2 07:04:11 2022
@@ -169,13 +169,23 @@ public abstract class BaseParser
         }
         if (!(generationNumber instanceof COSInteger))
         {
-            LOG.error("expected number, actual=" + value + " at offset " + genOffset);
+            LOG.error("expected number, actual=" + generationNumber + " at offset " + genOffset);
+            return COSNull.NULL;
+        }
+        long objNumber = ((COSInteger) value).longValue();
+        if (objNumber <= 0)
+        {
+            LOG.error("invalid object number value =" + objNumber + " at offset " + numOffset);
+            return COSNull.NULL;
+        }
+        int genNumber = ((COSInteger) generationNumber).intValue();
+        if (genNumber < 0)
+        {
+            LOG.error("invalid generation number value =" + genNumber + " at offset " + numOffset);
             return COSNull.NULL;
         }
-        COSObjectKey key = new COSObjectKey(((COSInteger) value).longValue(),
-                ((COSInteger) generationNumber).intValue());
         // dereference the object
-        return getObjectFromPool(key);
+        return getObjectFromPool(new COSObjectKey(objNumber, genNumber));
     }
 
     private COSBase getObjectFromPool(COSObjectKey key) throws IOException