Merge pull request #1226 from m-holger/fuzz5

In QPDFOutlineObjectHelper detect loops in direct children

Merge pull request #1226 from m-holger/fuzz5
In QPDFOutlineObjectHelper detect loops in direct children
m-holger · GitHub
2 parents 975fae16 0a081e1f
Showing 5 changed files with 7 additions and 2 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/69969.fuzz
fuzz/qpdf_fuzzer.cc
fuzz/qtest/fuzz.test
libqpdf/QPDFOutlineObjectHelper.cc
@@ -120,6 +120,7 @@ set(CORPUS_OTHER
   68915.fuzz
   69857.fuzz
   69913.fuzz
+  69969.fuzz
 )
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
@@ -173,8 +173,11 @@ FuzzHelper::doChecks()
 {
     // Get as much coverage as possible in parts of the library that
     // might benefit from fuzzing.
+    std::cout << "starting testWrite\n";
     testWrite();
+    std::cout << "\nstarting testPages\n\n";
     testPages();
+    std::cout << "\nstarting testOutlines\n\n";
     testOutlines();
 }
@@ -21,7 +21,7 @@ my @fuzzers = (
     ['pngpredictor' => 1],
     ['runlength' => 6],
     ['tiffpredictor' => 2],
-    ['qpdf' => 62],             # increment when adding new files
+    ['qpdf' => 63],             # increment when adding new files
     );
 my $n_tests = 0;
@@ -23,8 +23,9 @@ QPDFOutlineObjectHelper::QPDFOutlineObjectHelper(
         return;
     }
+    QPDFObjGen::set children;
     QPDFObjectHandle cur = oh.getKey("/First");
-    while (!cur.isNull()) {
+    while (!cur.isNull() && children.add(cur)) {
         QPDFOutlineObjectHelper new_ooh(cur, dh, 1 + depth);
         new_ooh.m->parent = std::make_shared<QPDFOutlineObjectHelper>(*this);
         m->kids.push_back(new_ooh);