Commit 059d9a9b1180acf7a0e37c6fd7a42e92697da465
Committed by
GitHub
GitHub
Merge pull request #1525 from m-holger/fuzz
Validate existence of array items in `NNTree`, improve null handling,…
Showing
4 changed files
with
10 additions
and
3 deletions
fuzz/CMakeLists.txt
| @@ -159,6 +159,7 @@ set(CORPUS_OTHER | @@ -159,6 +159,7 @@ set(CORPUS_OTHER | ||
| 159 | 409905355.fuzz | 159 | 409905355.fuzz |
| 160 | 411312393.fuzz | 160 | 411312393.fuzz |
| 161 | 433311400.fuzz | 161 | 433311400.fuzz |
| 162 | + 4720043549327360.fuzz | ||
| 162 | 5109284021272576.fuzz | 163 | 5109284021272576.fuzz |
| 163 | 6489005569146880.fuzz | 164 | 6489005569146880.fuzz |
| 164 | ) | 165 | ) |
fuzz/qpdf_extra/4720043549327360.fuzz
0 → 100644
No preview for this file type
fuzz/qtest/fuzz.test
| @@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz'); | @@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz'); | ||
| 11 | 11 | ||
| 12 | my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS"; | 12 | my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS"; |
| 13 | 13 | ||
| 14 | -my $n_qpdf_files = 98; # increment when adding new files | 14 | +my $n_qpdf_files = 99; # increment when adding new files |
| 15 | 15 | ||
| 16 | my @fuzzers = ( | 16 | my @fuzzers = ( |
| 17 | ['ascii85' => 1], | 17 | ['ascii85' => 1], |
libqpdf/NNTree.cc
| @@ -139,6 +139,8 @@ NNTreeIterator::increment(bool backward) | @@ -139,6 +139,8 @@ NNTreeIterator::increment(bool backward) | ||
| 139 | impl.warn(node, "items array doesn't have enough elements"); | 139 | impl.warn(node, "items array doesn't have enough elements"); |
| 140 | } else if (!impl.details.keyValid(items[item_number])) { | 140 | } else if (!impl.details.keyValid(items[item_number])) { |
| 141 | impl.warn(node, ("item " + std::to_string(item_number) + " has the wrong type")); | 141 | impl.warn(node, ("item " + std::to_string(item_number) + " has the wrong type")); |
| 142 | + } else if (!items[item_number + 1]) { | ||
| 143 | + impl.warn(node, "item " + std::to_string(item_number) + " is null"); | ||
| 142 | } else { | 144 | } else { |
| 143 | return; | 145 | return; |
| 144 | } | 146 | } |
| @@ -734,8 +736,12 @@ NNTreeImpl::repair() | @@ -734,8 +736,12 @@ NNTreeImpl::repair() | ||
| 734 | auto new_node = QPDFObjectHandle::newDictionary(); | 736 | auto new_node = QPDFObjectHandle::newDictionary(); |
| 735 | new_node.replaceKey(details.itemsKey(), Array()); | 737 | new_node.replaceKey(details.itemsKey(), Array()); |
| 736 | NNTreeImpl repl(details, qpdf, new_node, false); | 738 | NNTreeImpl repl(details, qpdf, new_node, false); |
| 737 | - for (auto const& i: *this) { | ||
| 738 | - repl.insert(i.first, i.second); | 739 | + for (auto const& [key, value]: *this) { |
| 740 | +// if (key && value) { | ||
| 741 | + repl.insert(key, value); | ||
| 742 | +// } else { | ||
| 743 | +// std::cerr << key.unparse() << "\n"; | ||
| 744 | +// } | ||
| 739 | } | 745 | } |
| 740 | oh.replaceKey("/Kids", new_node.getKey("/Kids")); | 746 | oh.replaceKey("/Kids", new_node.getKey("/Kids")); |
| 741 | oh.replaceKey(details.itemsKey(), new_node.getKey(details.itemsKey())); | 747 | oh.replaceKey(details.itemsKey(), new_node.getKey(details.itemsKey())); |