djvulibre/djvulibre-CVE-2021-3500.patch

--- a/libdjvu/DjVuPort.cpp	
+++ a/libdjvu/DjVuPort.cpp	
@@ -507,10 +507,19 @@ GP<DjVuFile>
 DjVuPortcaster::id_to_file(const DjVuPort * source, const GUTF8String &id)
 {
    GPList<DjVuPort> list;
+
+   if (!!opening_id && opening_id == id)
+      G_THROW( ERR_MSG("DjVuPortcaster.recursive_open") );
+   else
+      opening_id = id;
+
    compute_closure(source, list, true);
    GP<DjVuFile> file;
    for(GPosition pos=list;pos;++pos)
       if ((file=list[pos]->id_to_file(source, id))) break;
+
+   opening_id = GUTF8String();
+
    return file;
 }
 
--- a/libdjvu/DjVuPort.h	
+++ a/libdjvu/DjVuPort.h	
@@ -484,6 +484,7 @@ private:
                        const DjVuPort *dst, int distance);
    void compute_closure(const DjVuPort *src, GPList<DjVuPort> &list,
                         bool sorted=false);
+   GUTF8String opening_id;
 };