Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUG: Prevent infinite loop when no character follows after a comment #1828

Merged
merged 2 commits into from
May 21, 2023
Merged

BUG: Prevent infinite loop when no character follows after a comment #1828

merged 2 commits into from
May 21, 2023

Conversation

exiledkingcc
Copy link
Contributor

@exiledkingcc exiledkingcc commented May 3, 2023
edited by MartinThoma
Loading

Fixes #1825

@codecov
Copy link

codecov bot commented May 3, 2023
edited
Loading

Codecov Report

Patch coverage: 100.00% and no project coverage change.

Comparison is base (dde4c79) 93.40% compared to head (d932a5f) 93.40%.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1828   +/-   ##
=======================================
  Coverage   93.40%   93.40%           
=======================================
  Files          34       34           
  Lines        6627     6627           
  Branches     1299     1299           
=======================================
  Hits         6190     6190           
  Misses        285      285           
  Partials      152      152
Impacted Files Coverage Δ
pypdf/generic/_data_structures.py 90.13% <100.00%> (ø)

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

pubpub-zz
pubpub-zz approved these changes May 3, 2023
View reviewed changes
Copy link
Collaborator

@pubpub-zz pubpub-zz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add the test refering the pdf refered in #1825

@exiledkingcc exiledkingcc force-pushed the fix-1825 branch 2 times, most recently from d4d818b to faed05c Compare May 8, 2023 06:49
@pubpub-zz
Copy link
Collaborator

great. Just be aware that test running on the server may be slow/long. Maybe you should increase the time-out value to be sure to not trigger it for nothing

@exiledkingcc
Copy link
Contributor Author

great. Just be aware that test running on the server may be slow/long. Maybe you should increase the time-out value to be sure to not trigger it for nothing

ok, i will increase timeout to 30, though 10s may be enough.

@pubpub-zz
Copy link
Collaborator

@MartinThoma
this PR is all yours

@MartinThoma MartinThoma changed the title BUG: fix #1825 no object follows the comment BUG: Prevent infinite loop when no character follows after a comment May 21, 2023
@MartinThoma MartinThoma merged commit b0e5c68 into py-pdf:main May 21, 2023
@MartinThoma
Copy link
Member

Very nice work @exiledkingcc 👏 Thank you 🙏

MartinThoma added a commit that referenced this pull request May 21, 2023
@MartinThoma
REL: 3.9.0
0096c99 
New Features (ENH)
-  Simplify metadata input (Document Information Dictionary) (#1851)
-  Extend cmap compatibilty to GBK_EUC_H/V (#1812)

Bug Fixes (BUG)
-  Prevent infinite loop when no character follows after a comment (#1828)
-  get_contents does not return ContentStream (#1847)
-  Accept XYZ destination with zoom missing (default to zoom=0.0) (#1844)
-  Cope with 1 Bit images (#1815)

Robustness (ROB)
-  Handle missing /Type entry in Page tree (#1845)

Documentation (DOC)
-  Expand file size explanations (#1835)
-  Add comparison with pdfplumber (#1837)
-  Clarify that PyPDF2 is dead (#1827)
-  Add Hunter King as Contributor for #1806

Maintenance (MAINT)
-  Refactor internal Encryption class (#1821)
-  Add R parameter to generate_values (#1820)
-  Make encryption_key parameter of write_to_stream optional (#1819)
-  Prepare for adding AES enryption support (#1818)

Code Style (STY):
-  Iterate directly over the list instead of using range (#1839)
-  Minor refactorings in _encryption.py (#1822)

[Full Changelog](3.8.1...3.9.0)
@exiledkingcc exiledkingcc deleted the fix-1825 branch May 22, 2023 15:09
@MartinThoma
Copy link
Member

I've just created a security advisory for this: GHSA-4vvm-4w3v-6mr8

@MartinThoma MartinThoma added the nf-security Non-functional change: Security label Jun 29, 2023
@ThiefMaster
Copy link

A release with the fix would be great, considering that Dependabot is now bothering users about this :)

@MartinThoma
Copy link
Member

MartinThoma commented Jul 7, 2023
edited
Loading

It is fixed in pypdf>=3.9.0 (as stated above + in the advisory).

PyPDF2 users should migrate to pypdf.

linusjf added a commit to linusjf/LearnPython3 that referenced this pull request Jul 25, 2023
@linusjf
fix: fix for security violations based on py-pdf/pypdf#1828
5d360aa
linusjf added a commit to linusjf/LearnPython3 that referenced this pull request Jul 25, 2023
@linusjf
fix: fix for security violations based on py-pdf/pypdf#1828
c9cc73f
@geo-ghci-test geo-ghci-test bot mentioned this pull request Apr 12, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pubpub-zz pubpub-zz pubpub-zz approved these changes

Assignees
No one assigned
Labels
nf-security Non-functional change: Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

pypdf hangs on one specific PDF - cannot catch error with try/except
4 participants
@exiledkingcc @pubpub-zz @MartinThoma @ThiefMaster