Skip to content

SEC: Infinite recursion caused by IndirectObject clone#2156

Merged
MartinThoma merged 1 commit intopy-pdf:mainfrom
exiledkingcc:fix-2102
Sep 10, 2023
Merged

SEC: Infinite recursion caused by IndirectObject clone#2156
MartinThoma merged 1 commit intopy-pdf:mainfrom
exiledkingcc:fix-2102

Conversation

@exiledkingcc
Copy link
Copy Markdown
Contributor

@exiledkingcc exiledkingcc commented Sep 6, 2023

if a object contains a indirect_reference, which points to the object it self, cloning it will cause infinite recursion.
for example: a page contains a link to self.

this will fix #2102

@exiledkingcc
BUG: infinite recursion caused by IndirectObject clone
81eb779 
if a object contains a indirect_reference, which points to the object it self,
cloning it will cause infinite recursion.
for example: a page contains a link to self.
@codecov
Copy link
Copy Markdown

codecov bot commented Sep 6, 2023

Codecov Report

Patch coverage: 100.00% and project coverage change: +0.03% 🎉

Comparison is base (05f2a65) 94.25% compared to head (81eb779) 94.28%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2156      +/-   ##
==========================================
+ Coverage   94.25%   94.28%   +0.03%     
==========================================
  Files          42       42              
  Lines        7556     7561       +5     
  Branches     1487     1488       +1     
==========================================
+ Hits         7122     7129       +7     
+ Misses        266      265       -1     
+ Partials      168      167       -1
Files Changed Coverage Δ
pypdf/generic/_base.py 100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pubpub-zz
Copy link
Copy Markdown
Collaborator

pubpub-zz commented Sep 7, 2023

Missed your PR. Wonderfull

@exiledkingcc
Copy link
Copy Markdown
Contributor Author

exiledkingcc commented Sep 8, 2023

@pubpub-zz thank you.
trying to get more time for the pypdf community. 😀

@MartinThoma MartinThoma changed the title BUG: infinite recursion caused by IndirectObject clone SEC: Infinite recursion caused by IndirectObject clone Sep 10, 2023
@MartinThoma MartinThoma added the nf-security Non-functional change: Security label Sep 10, 2023
@MartinThoma MartinThoma merged commit e090717 into py-pdf:main Sep 10, 2023
@MartinThoma
Copy link
Copy Markdown
Member

MartinThoma commented Sep 10, 2023

Thank you :-)

MartinThoma added a commit that referenced this pull request Sep 10, 2023
@MartinThoma
REL: 3.16.0
fb35485 
## What's new

### Security (SEC)
-  Infinite recursion caused by IndirectObject clone (#2156)

### New Features (ENH)
-  Ease access to ViewerPreferences (#2144)

### Bug Fixes (BUG)
-  catch the case where w[0] is an IndirectObject instead of an int (#2154)
-  Cope with indirect objects in filters and remove deprecated code (#2177)
-  Cope with extra space (#2151)
-  Merge pages without resources (#2150)
-  getcontents() shall return None if contents is NullObject (#2161)
-  Fix conversion from 1 to LA (#2175)
-  Accept tabs in cmaps (#2174)

### Robustness (ROB)
-  Accept XYZ with no arguments (#2178)

[Full Changelog](3.15.5...3.16.0)
@exiledkingcc exiledkingcc deleted the fix-2102 branch September 11, 2023 01:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

nf-security Non-functional change: Security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

BUG: Infinite recursion bug with PSUtils

3 participants

@exiledkingcc @pubpub-zz @MartinThoma