svn commit: r1927409 - in pdfbox/branches/2.0/pdfbox/src: main/java/org/apache/pdfbox/pdfparser test/java/org/apache/pdfbox/pdfparser

Wed, 23 Jul 2025 00:42:24 -0700 

Author: tilman
Date: Wed Jul 23 07:42:19 2025
New Revision: 1927409

Log:
PDFBOX-6038: catch nested BI, as suggested by David Justamante; add test

Modified:
   
pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
   
pdfbox/branches/2.0/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java

Modified: 
pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
==============================================================================
--- 
pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
   Wed Jul 23 06:45:02 2025        (r1927408)
+++ 
pdfbox/branches/2.0/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
   Wed Jul 23 07:42:19 2025        (r1927409)
@@ -52,6 +52,7 @@ public class PDFStreamParser extends Bas
     
     private static final int MAX_BIN_CHAR_TEST_LENGTH = 10;
     private final byte[] binCharTestArr = new byte[MAX_BIN_CHAR_TEST_LENGTH];
+    private int inlineImageDepth = 0;
     
     /**
      * Constructor.
@@ -275,6 +276,12 @@ public class PDFStreamParser extends Bas
                 Operator beginImageOP = Operator.getOperator(nextOperator);
                 if (nextOperator.equals(OperatorName.BEGIN_INLINE_IMAGE))
                 {
+                    inlineImageDepth++;
+                    if (inlineImageDepth > 1)
+                    {
+                        // PDFBOX-6038
+                        throw new IOException("Nested '" + 
OperatorName.BEGIN_INLINE_IMAGE + "' operator not allowed");
+                    }
                     COSDictionary imageParams = new COSDictionary();
                     beginImageOP.setImageParameters(imageParams);
                     Object nextToken = null;
@@ -288,6 +295,7 @@ public class PDFStreamParser extends Bas
                             break;
                         }
                         imageParams.setItem((COSName) nextToken, (COSBase) 
value);
+                        inlineImageDepth--;
                     }
                     // final token will be the image data, maybe??
                     if (nextToken instanceof Operator)

Modified: 
pdfbox/branches/2.0/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java
==============================================================================
--- 
pdfbox/branches/2.0/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java
       Wed Jul 23 06:45:02 2025        (r1927408)
+++ 
pdfbox/branches/2.0/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java
       Wed Jul 23 07:42:19 2025        (r1927409)
@@ -87,6 +87,23 @@ public class PDFStreamParserTest extends
         testInlineImage2ops("ID\n12EI5EI          Q   ", "12EI5", "Q");
     }
 
+    /**
+     * PDFBOX-6038: test that nested BI is detected.
+     */
+    public void testNestedBI()
+    {
+        try
+        {
+            testInlineImage2ops("BI/IB/IB BI/ BI", "", "");
+        }
+        catch (IOException ex)
+        {
+            assertEquals("Nested '" + OperatorName.BEGIN_INLINE_IMAGE + "' 
operator not allowed", ex.getMessage());
+            return;
+        }
+        fail("Should have thrown");        
+    }
+
     // checks whether there are two operators, one inline image and the named 
operator
     private void testInlineImage2ops(String s, String imageDataString, String 
opName) throws IOException
     {

Reply via email to