Merge pull request #1525 from m-holger/fuzz

Validate existence of array items in `NNTree`, improve null handling,…

Merge pull request #1525 from m-holger/fuzz
Validate existence of array items in `NNTree`, improve null handling,…
m-holger · GitHub
2 parents 7e9c6c74 6dfdc404
Showing 4 changed files with 10 additions and 3 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/4720043549327360.fuzz
fuzz/qtest/fuzz.test
libqpdf/NNTree.cc
@@ -159,6 +159,7 @@ set(CORPUS_OTHER
   409905355.fuzz
   411312393.fuzz
   433311400.fuzz
+  4720043549327360.fuzz
   5109284021272576.fuzz
   6489005569146880.fuzz
 )
@@ -11,7 +11,7 @@ my $td = new TestDriver(&#39;fuzz&#39;);
  
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
  
-my $n_qpdf_files = 98;       # increment when adding new files
+my $n_qpdf_files = 99;       # increment when adding new files
  
 my @fuzzers = (
     ['ascii85' => 1],
@@ -139,6 +139,8 @@ NNTreeIterator::increment(bool backward)
                 impl.warn(node, "items array doesn't have enough elements");
             } else if (!impl.details.keyValid(items[item_number])) {
                 impl.warn(node, ("item " + std::to_string(item_number) + " has the wrong type"));
+            } else if (!items[item_number + 1]) {
+                impl.warn(node, "item " + std::to_string(item_number) + " is null");
             } else {
                 return;
             }
@@ -734,8 +736,12 @@ NNTreeImpl::repair()
     auto new_node = QPDFObjectHandle::newDictionary();
     new_node.replaceKey(details.itemsKey(), Array());
     NNTreeImpl repl(details, qpdf, new_node, false);
-    for (auto const& i: *this) {
-        repl.insert(i.first, i.second);
+    for (auto const& [key, value]: *this) {
+//        if (key && value) {
+            repl.insert(key, value);
+//        } else {
+//            std::cerr << key.unparse() << "\n";
+//        }
     }
     oh.replaceKey("/Kids", new_node.getKey("/Kids"));
     oh.replaceKey(details.itemsKey(), new_node.getKey(details.itemsKey()));