Skip to content

SEC: Detect cyclic references when accessing TreeObject.children#3645

Merged
stefan6419846 merged 1 commit intopy-pdf:mainfrom
stefan6419846:treeobject-children
Feb 17, 2026
Merged

SEC: Detect cyclic references when accessing TreeObject.children#3645
stefan6419846 merged 1 commit intopy-pdf:mainfrom
stefan6419846:treeobject-children

Conversation

@stefan6419846
Copy link
Collaborator

@stefan6419846 stefan6419846 commented Feb 17, 2026

No description provided.

@codecov
Copy link

codecov bot commented Feb 17, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.37%. Comparing base (9cdcc4c) to head (7dfe2e1).
⚠️ Report is 4 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3645   +/-   ##
=======================================
  Coverage   97.36%   97.37%           
=======================================
  Files          55       55           
  Lines        9879     9886    +7     
  Branches     1807     1808    +1     
=======================================
+ Hits         9619     9626    +7     
  Misses        151      151           
  Partials      109      109

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@stefan6419846 stefan6419846 merged commit bd2f6d0 into py-pdf:main Feb 17, 2026
27 of 46 checks passed
@stefan6419846 stefan6419846 deleted the treeobject-children branch February 17, 2026 16:51
stefan6419846 added a commit that referenced this pull request Feb 17, 2026
@stefan6419846
REL: 6.7.1
ad2a45d 
## What's new

### Security (SEC)
- Detect cyclic references when accessing TreeObject.children (#3645) by @stefan6419846
- Limit size of `/ToUnicode` entries (#3646) by @stefan6419846
- Limit FlateDecode recovery attempts (#3644) by @stefan6419846

### Bug Fixes (BUG)
- Avoid own object replacement logic in `PageObject.replace_contents` (#3638) by @stefan6419846
- Fix UnboundLocalError when update_page_form_field_values with /Sig (#3634) by @John-Sharp

### Robustness (ROB)
- Avoid divison by zero when decoding FlateDecode PNG prediction (#3641) by @stefan6419846

[Full Changelog](6.7.0...6.7.1)
This was referenced Feb 19, 2026
Open
Open
Open
Open
Open
Open
This was referenced Feb 19, 2026
Open
Closed
Closed
This was referenced Feb 19, 2026
Open
Open
This was referenced Feb 19, 2026
Open
Open
@all-hands-bot all-hands-bot mentioned this pull request Feb 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stefan6419846