Merge pull request #1291 from m-holger/fuzz

In QPDFWordTokenFinder::check limit the token length

Merge pull request #1291 from m-holger/fuzz
In QPDFWordTokenFinder::check limit the token length
m-holger · GitHub
2 parents 0e92cf6b 0aa6b67e
Showing 5 changed files with 3 additions and 3 deletions
.idea/cmake.xml
fuzz/CMakeLists.txt
fuzz/qpdf_extra/99999d.fuzz
fuzz/qtest/fuzz.test
libqpdf/QPDFTokenizer.cc
@@ -2,7 +2,6 @@
 <project version="4">
   <component name="CMakeSharedSettings">
     <configurations>
-      <configuration PROFILE_NAME="Debug" ENABLED="true" CONFIG_NAME="Debug" />
       <configuration PROFILE_NAME="Maintainer" ENABLED="true" CONFIG_NAME="RelWithDebInfo" GENERATION_OPTIONS="-DMAINTAINER_MODE=ON -DBUILD_STATIC_LIBS=OFF" />
       <configuration PROFILE_NAME="Windows" ENABLED="true" CONFIG_NAME="RelWithDebInfo" TOOLCHAIN_NAME="Visual Studio" GENERATION_OPTIONS="-DBUILD_SHARED_LIBS=OFF" />
     </configurations>
@@ -145,6 +145,7 @@ set(CORPUS_OTHER
   99999a.fuzz
   99999b.fuzz
   99999c.fuzz
+  99999d.fuzz
 )
  
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
@@ -11,7 +11,7 @@ my $td = new TestDriver(&#39;fuzz&#39;);
  
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
  
-my $n_qpdf_files = 82;       # increment when adding new files
+my $n_qpdf_files = 83;       # increment when adding new files
  
 my @fuzzers = (
     ['ascii85' => 1],
@@ -47,7 +47,7 @@ QPDFWordTokenFinder::check()
     // Find a word token matching the given string, preceded by a delimiter, and followed by a
     // delimiter or EOF.
     QPDFTokenizer tokenizer;
-    QPDFTokenizer::Token t = tokenizer.readToken(is, "finder", true);
+    QPDFTokenizer::Token t = tokenizer.readToken(is, "finder", true, str.size() + 2);
     qpdf_offset_t pos = is.tell();
     if (!(t == QPDFTokenizer::Token(QPDFTokenizer::tt_word, str))) {
         QTC::TC("qpdf", "QPDFTokenizer finder found wrong word");