Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SEC: Infinite recursion caused by IndirectObject clone #2156

Merged
merged 1 commit into from
Sep 10, 2023
Merged

SEC: Infinite recursion caused by IndirectObject clone #2156

merged 1 commit into from
Sep 10, 2023

Conversation

exiledkingcc
Copy link
Contributor

if a object contains a indirect_reference, which points to the object it self, cloning it will cause infinite recursion.
for example: a page contains a link to self.

this will fix #2102

@exiledkingcc
BUG: infinite recursion caused by IndirectObject clone
81eb779 
if a object contains a indirect_reference, which points to the object it self,
cloning it will cause infinite recursion.
for example: a page contains a link to self.
@codecov
Copy link

codecov bot commented Sep 6, 2023

Codecov Report

Patch coverage: 100.00% and project coverage change: +0.03% 🎉

Comparison is base (05f2a65) 94.25% compared to head (81eb779) 94.28%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2156      +/-   ##
==========================================
+ Coverage   94.25%   94.28%   +0.03%     
==========================================
  Files          42       42              
  Lines        7556     7561       +5     
  Branches     1487     1488       +1     
==========================================
+ Hits         7122     7129       +7     
+ Misses        266      265       -1     
+ Partials      168      167       -1
Files Changed Coverage Δ
pypdf/generic/_base.py 100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@pubpub-zz
Copy link
Collaborator

Missed your PR. Wonderfull

@exiledkingcc
Copy link
Contributor Author

@pubpub-zz thank you.
trying to get more time for the pypdf community. 😀

@MartinThoma MartinThoma changed the title BUG: infinite recursion caused by IndirectObject clone SEC: Infinite recursion caused by IndirectObject clone Sep 10, 2023
@MartinThoma MartinThoma added the nf-security Non-functional change: Security label Sep 10, 2023
@MartinThoma MartinThoma merged commit e090717 into py-pdf:main Sep 10, 2023
@MartinThoma
Copy link
Member

Thank you :-)

MartinThoma added a commit that referenced this pull request Sep 10, 2023
@MartinThoma
REL: 3.16.0
fb35485 
## What's new

### Security (SEC)
-  Infinite recursion caused by IndirectObject clone (#2156)

### New Features (ENH)
-  Ease access to ViewerPreferences (#2144)

### Bug Fixes (BUG)
-  catch the case where w[0] is an IndirectObject instead of an int (#2154)
-  Cope with indirect objects in filters and remove deprecated code (#2177)
-  Cope with extra space (#2151)
-  Merge pages without resources (#2150)
-  getcontents() shall return None if contents is NullObject (#2161)
-  Fix conversion from 1 to LA (#2175)
-  Accept tabs in cmaps (#2174)

### Robustness (ROB)
-  Accept XYZ with no arguments (#2178)

[Full Changelog](3.15.5...3.16.0)
@exiledkingcc exiledkingcc deleted the fix-2102 branch September 11, 2023 01:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
nf-security Non-functional change: Security
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

BUG: Infinite recursion bug with PSUtils
3 participants
@exiledkingcc @pubpub-zz @MartinThoma