Author: tilman
Date: Wed Jul 23 07:42:23 2025
New Revision: 1927410
Log:
PDFBOX-6038: catch nested BI, as suggested by David Justamante; add test
Modified:
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
pdfbox/trunk/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java
Modified:
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
==============================================================================
---
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
Wed Jul 23 07:42:19 2025 (r1927409)
+++
pdfbox/trunk/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/PDFStreamParser.java
Wed Jul 23 07:42:23 2025 (r1927410)
@@ -48,6 +48,7 @@ public class PDFStreamParser extends Bas
private static final int MAX_BIN_CHAR_TEST_LENGTH = 10;
private final byte[] binCharTestArr = new byte[MAX_BIN_CHAR_TEST_LENGTH];
+ private int inlineImageDepth = 0;
/**
* Constructor.
@@ -236,6 +237,12 @@ public class PDFStreamParser extends Bas
Operator beginImageOP = Operator.getOperator(nextOperator);
if (nextOperator.equals(OperatorName.BEGIN_INLINE_IMAGE))
{
+ inlineImageDepth++;
+ if (inlineImageDepth > 1)
+ {
+ // PDFBOX-6038
+ throw new IOException("Nested '" +
OperatorName.BEGIN_INLINE_IMAGE + "' operator not allowed");
+ }
COSDictionary imageParams = new COSDictionary();
beginImageOP.setImageParameters( imageParams );
Object nextToken = null;
@@ -260,6 +267,7 @@ public class PDFStreamParser extends Bas
source.getPosition());
}
beginImageOP.setImageData(imageData.getImageData());
+ inlineImageDepth--;
}
}
return beginImageOP;
Modified:
pdfbox/trunk/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java
==============================================================================
---
pdfbox/trunk/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java
Wed Jul 23 07:42:19 2025 (r1927409)
+++
pdfbox/trunk/pdfbox/src/test/java/org/apache/pdfbox/pdfparser/PDFStreamParserTest.java
Wed Jul 23 07:42:23 2025 (r1927410)
@@ -23,6 +23,7 @@ import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
/**
* Tests for PDFStreamParser.
@@ -89,6 +90,17 @@ class PDFStreamParserTest
testInlineImage2ops("ID\n12EI5EI Q ", "12EI5", "Q");
}
+ /**
+ * PDFBOX-6038: test that nested BI is detected.
+ */
+ @Test
+ void testNestedBI()
+ {
+ IOException ex =
+ assertThrows(IOException.class, () ->
testInlineImage2ops("BI/IB/IB BI/ BI", "", ""));
+ assertEquals("Nested '" + OperatorName.BEGIN_INLINE_IMAGE + "'
operator not allowed", ex.getMessage());
+ }
+
// checks whether there are two operators, one inline image and the named
operator
private void testInlineImage2ops(String s, String imageDataString, String
opName) throws IOException
{
