From 9ff8c465fbd3eb44f85988f3249768e4caa91ab0 Mon Sep 17 00:00:00 2001
From: "Sven M. Hallberg" <pesco@khjk.org>
Date: Thu, 30 Mar 2023 13:40:42 +0000
Subject: [PATCH] add test cases for out-of-bounds xref pointers

Both currently fail because the parser proper does not validate
these offsets.
---
 test/invalid/prev-oob.pdf      | 75 ++++++++++++++++++++++++++++++++++
 test/invalid/startxref-oob.pdf | 74 +++++++++++++++++++++++++++++++++
 2 files changed, 149 insertions(+)
 create mode 100644 test/invalid/prev-oob.pdf
 create mode 100644 test/invalid/startxref-oob.pdf

diff --git a/test/invalid/prev-oob.pdf b/test/invalid/prev-oob.pdf
new file mode 100644
index 0000000..2f82dde
--- /dev/null
+++ b/test/invalid/prev-oob.pdf
@@ -0,0 +1,75 @@
+%PDF-1.4
+1 0 obj
+    << /Type /Catalog
+       /Outlines 2 0 R
+       /Pages 3 0 R
+    >>
+endobj
+
+2 0 obj
+    << /Type /Outlines
+       /Count 0
+    >>
+endobj
+
+3 0 obj
+    << /Type /Pages
+       /Kids [4 0 R]
+       /Count 1
+    >>
+endobj
+
+4 0 obj
+    << /Type /Page
+       /Parent 3 0 R
+       /MediaBox [0 0 612 792]
+       /Contents 5 0 R
+       /Resources << /ProcSet 6 0 R
+                     /Font << /F1 7 0 R >>
+                  >>
+    >>
+endobj
+
+5 0 obj
+    << /Length 75 >>
+stream
+    BT
+        /F1 24 Tf
+        100 100 Td
+        (Hello World) Tj
+    ET
+endstream
+endobj
+
+6 0 obj
+    [/PDF /Text]
+endobj
+
+7 0 obj
+    << /Type /Font
+       /Subtype /Type1
+       /Name /F1
+       /BaseFont /Helvetica
+       /Encoding /MacRomanEncoding
+    >>
+endobj
+
+xref
+0 8
+0000000000 65535 f 
+0000000009 00000 n 
+0000000097 00000 n 
+0000000159 00000 n 
+0000000239 00000 n 
+0000000456 00000 n 
+0000000586 00000 n 
+0000000619 00000 n 
+
+trailer
+    << /Size 8
+       /Root 1 0 R
+       /Prev 9999
+    >>
+startxref
+764
+%%EOF
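Review bot: Nothing in prev-oob.pdf marks which field is deliberately invalid; the only intended defect appears to be `/Prev 9999` in the trailer, and the rest of the file reads as an ordinary sample. A PDF comment on that line, e.g. `/Prev 9999  % intentionally past end of file`, would tell the next maintainer what the fixture asserts. Because the trailer follows the xref table, the comment leaves the object offsets and the `startxref` value of 764 unchanged. If the parser under test is not expected to accept comments inside the trailer dictionary, the same sentence could go in the test directory's documentation instead.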
diff --git a/test/invalid/startxref-oob.pdf b/test/invalid/startxref-oob.pdf
new file mode 100644
index 0000000..7b5b959
--- /dev/null
+++ b/test/invalid/startxref-oob.pdf
@@ -0,0 +1,74 @@
+%PDF-1.4
+1 0 obj
+    << /Type /Catalog
+       /Outlines 2 0 R
+       /Pages 3 0 R
+    >>
+endobj
+
+2 0 obj
+    << /Type /Outlines
+       /Count 0
+    >>
+endobj
+
+3 0 obj
+    << /Type /Pages
+       /Kids [4 0 R]
+       /Count 1
+    >>
+endobj
+
+4 0 obj
+    << /Type /Page
+       /Parent 3 0 R
+       /MediaBox [0 0 612 792]
+       /Contents 5 0 R
+       /Resources << /ProcSet 6 0 R
+                     /Font << /F1 7 0 R >>
+                  >>
+    >>
+endobj
+
+5 0 obj
+    << /Length 75 >>
+stream
+    BT
+        /F1 24 Tf
+        100 100 Td
+        (Hello World) Tj
+    ET
+endstream
+endobj
+
+6 0 obj
+    [/PDF /Text]
+endobj
+
+7 0 obj
+    << /Type /Font
+       /Subtype /Type1
+       /Name /F1
+       /BaseFont /Helvetica
+       /Encoding /MacRomanEncoding
+    >>
+endobj
+
+xref
+0 8
+0000000000 65535 f 
+0000000009 00000 n 
+0000000097 00000 n 
+0000000159 00000 n 
+0000000239 00000 n 
+0000000456 00000 n 
+0000000586 00000 n 
+0000000619 00000 n 
+
+trailer
+    << /Size 8
+       /Root 1 0 R
+    >>
+startxref
+1005
+%%EOF
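Review bot: The `startxref` value of 1005 sits just past the end of the file (by my count the file is 1004 bytes with LF line endings), so this fixture does not distinguish a bounds check written as `offset > size` from the stricter `offset >= size`. An offset equal to the file length would still be accepted by the former, and a sibling fixture with `startxref` set to exactly the file length would pin that boundary. The narrow margin also makes the case fragile: a checkout that converts line endings to CRLF would grow the file past 1005 bytes and turn the pointer into an in-bounds one. Marking the fixtures as binary in `.gitattributes` (`*.pdf -text`), if the repository does not already do so, would keep the test meaningful.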
-- 
GitLab