Fixed possible infinite recursion in PdfType::resolve()

Author: MaximilianKresse

src/PdfParser/Type/PdfType.php

@@ -27,22 +27,33 @@ class PdfType
      * @param PdfType $value
      * @param PdfParser $parser
      * @param bool $stopAtIndirectObject
+     * @param array $ensuredObjectsList A list of all ensured indirect objects to prevent recursion
      * @return PdfType
      * @throws CrossReferenceException
      * @throws PdfParserException
      */
-    public static function resolve(PdfType $value, PdfParser $parser, $stopAtIndirectObject = false)
-    {
+    public static function resolve(
+        PdfType $value,
+        PdfParser $parser,
+        $stopAtIndirectObject = false,
+        array &$ensuredObjectsList = []
+    ) {
+        if ($value instanceof PdfIndirectObjectReference) {
+            $value = $parser->getIndirectObject($value->value);
+        }
+
         if ($value instanceof PdfIndirectObject) {
             if ($stopAtIndirectObject === true) {
                 return $value;
             }
 
-            return self::resolve($value->value, $parser, $stopAtIndirectObject);
-        }
-
-        if ($value instanceof PdfIndirectObjectReference) {
-            return self::resolve($parser->getIndirectObject($value->value), $parser, $stopAtIndirectObject);
+            if (\in_array($value->objectNumber, $ensuredObjectsList, true)) {
+                throw new PdfParserException(
+                    \sprintf('Indirect reference recursion detected (%s).', $value->objectNumber)
+                );
+            }
+            $ensuredObjectsList[] = $value->objectNumber;
+            return self::resolve($value->value, $parser, $stopAtIndirectObject, $ensuredObjectsList);
         }
 
         return $value;

src/PdfReader/PdfReader.php

@@ -147,7 +147,7 @@ public function getPage($pageNumber)
                 foreach ($kids->value as $reference) {
                     $reference = PdfIndirectObjectReference::ensure($reference);
 
-                    if (\in_array($reference->value, $alreadyReadKids)) {
+                    if (\in_array($reference->value, $alreadyReadKids, true)) {
                         throw new PdfReaderException('Recursive pages dictionary detected.');
                     }
                     $alreadyReadKids[] = $reference->value;
@@ -224,7 +224,7 @@ protected function readPages($readAll = false)
                     continue;
                 }
 
-                if (\in_array($reference->value, $alreadyReadKids)) {
+                if (\in_array($reference->value, $alreadyReadKids, true)) {
                     throw new PdfReaderException('Recursive pages dictionary detected.');
                 }
                 $alreadyReadKids[] = $reference->value;

tests/functional/PdfParser/Type/PdfIndirectObjectTest.php

@@ -5,14 +5,10 @@
 use PHPUnit\Framework\TestCase;
 use setasign\Fpdi\PdfParser\PdfParser;
 use setasign\Fpdi\PdfParser\StreamReader;
-use setasign\Fpdi\PdfParser\Type\PdfBoolean;
 use setasign\Fpdi\PdfParser\Type\PdfDictionary;
 use setasign\Fpdi\PdfParser\Type\PdfIndirectObject;
-use setasign\Fpdi\PdfParser\Type\PdfIndirectObjectReference;
-use setasign\Fpdi\PdfParser\Type\PdfNull;
 use setasign\Fpdi\PdfParser\Type\PdfNumeric;
 use setasign\Fpdi\PdfParser\Type\PdfStream;
-use setasign\Fpdi\PdfParser\Type\PdfToken;
 
 class PdfIndirectObjectTest extends TestCase
 {
@@ -129,7 +125,6 @@ public function testParse($objectNumberToken, $generationNumberToken, $in, $expe
         if ($result->value instanceof PdfStream) {
             $this->assertEquals($expectedResult->value->value, $result->value->value);
             $this->assertSame($expectedResult->value->getStream(), $result->value->getStream());
-
         } else {
             $this->assertEquals($expectedResult, $result);
         }

tests/functional/PdfParser/Type/PdfTypeTest.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PdfParser\Type;
+
+use PHPUnit\Framework\TestCase;
+use setasign\Fpdi\PdfParser\PdfParser;
+use setasign\Fpdi\PdfParser\PdfParserException;
+use setasign\Fpdi\PdfParser\Type\PdfIndirectObject;
+use setasign\Fpdi\PdfParser\Type\PdfIndirectObjectReference;
+use setasign\Fpdi\PdfParser\Type\PdfType;
+
+class PdfTypeTest extends TestCase
+{
+    public function testResolveWithRecursiveReferences()
+    {
+        $parser = (
+            $this->getMockBuilder(PdfParser::class)
+            ->setMethods(['getCatalog', 'getIndirectObject'])
+            ->disableOriginalConstructor()
+            ->getMock()
+        );
+
+        $object1 = PdfIndirectObject::create(1, 0, PdfIndirectObjectReference::create(2, 0));
+        $object2 = PdfIndirectObject::create(2, 0, PdfIndirectObjectReference::create(1, 0));
+        $parser->method('getIndirectObject')->willReturnMap([
+            [1, false, $object1],
+            [2, false, $object2],
+        ]);
+
+        $this->expectException(PdfParserException::class);
+        $this->expectExceptionMessage('Indirect reference recursion detected (1).');
+        PdfType::resolve($object1, $parser);
+    }
+}