From 0a081e1f097e29e022cd04c12ffcfa7691107ba4 Mon Sep 17 00:00:00 2001
From: m-holger
Date: Sat, 29 Jun 2024 12:38:07 +0100
Subject: [PATCH] In QPDFOutlineObjectHelper detect loops in direct children
---
 fuzz/CMakeLists.txt | 1 +
 fuzz/qpdf_extra/69969.fuzz | Bin 0 -> 11828 bytes
 fuzz/qpdf_fuzzer.cc | 3 +++
 fuzz/qtest/fuzz.test | 2 +-
 libqpdf/QPDFOutlineObjectHelper.cc | 3 ++-
 5 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 fuzz/qpdf_extra/69969.fuzz
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 8f3008d..d492bfe 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -120,6 +120,7 @@ set(CORPUS_OTHER
 68915.fuzz
 69857.fuzz
 69913.fuzz
+ 69969.fuzz
 )
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
diff --git a/fuzz/qpdf_extra/69969.fuzz b/fuzz/qpdf_extra/69969.fuzz
new file mode 100644
index 0000000..3fdb635
Binary files /dev/null and b/fuzz/qpdf_extra/69969.fuzz differ
diff --git a/fuzz/qpdf_fuzzer.cc b/fuzz/qpdf_fuzzer.cc
index 6f94127..678bec8 100644
--- a/fuzz/qpdf_fuzzer.cc
+++ b/fuzz/qpdf_fuzzer.cc
@@ -173,8 +173,11 @@ FuzzHelper::doChecks()
 {
 // Get as much coverage as possible in parts of the library that
 // might benefit from fuzzing.
+ std::cout << "starting testWrite\n";
 testWrite();
+ std::cout << "\nstarting testPages\n\n";
 testPages();
+ std::cout << "\nstarting testOutlines\n\n";
 testOutlines();
 }
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index 6bcbbde..fffecc1 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -21,7 +21,7 @@ my @fuzzers = (
 ['pngpredictor' => 1],
 ['runlength' => 6],
 ['tiffpredictor' => 2],
- ['qpdf' => 62], # increment when adding new files
+ ['qpdf' => 63], # increment when adding new files
 );
 my $n_tests = 0;
diff --git a/libqpdf/QPDFOutlineObjectHelper.cc b/libqpdf/QPDFOutlineObjectHelper.cc
index 3b5db47..2939c47 100644
--- a/libqpdf/QPDFOutlineObjectHelper.cc
+++ b/libqpdf/QPDFOutlineObjectHelper.cc
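Review bot: The three progress messages added to `FuzzHelper::doChecks()` in fuzz/qpdf_fuzzer.cc are written to `std::cout` and end in `\n` with no flush, so if the harness aborts or times out inside `testPages()` or `testOutlines()` the last "starting …" line may still be in the stream buffer and never reach the log, which is the one case the marker exists for. Writing them to the unbuffered stream, e.g. `std::cerr << "\nstarting testOutlines\n\n";`, or appending `<< std::flush`, would make the phase marker dependable. The newline framing also differs between the first message and the other two, and a short comment such as `// phase markers: show which stage a crashing input reached` would record why the prints are there.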
@@ -23,8 +23,9 @@ QPDFOutlineObjectHelper::QPDFOutlineObjectHelper(
 return;
 }
+ QPDFObjGen::set children;
 QPDFObjectHandle cur = oh.getKey("/First");
- while (!cur.isNull()) {
+ while (!cur.isNull() && children.add(cur)) {
 QPDFOutlineObjectHelper new_ooh(cur, dh, 1 + depth);
 new_ooh.m->parent = std::make_shared(*this);
 m->kids.push_back(new_ooh);
--
libgit2 0.21.4
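Review bot: When `children.add(cur)` returns false on the new `while` line the sibling walk simply ends, so a document whose sibling chain loops back produces a silently truncated outline and nothing tells the caller the structure was damaged. If the library's warning mechanism is reachable from this constructor (not visible in the hunk), reporting the repeated object there would help triage of malformed or hostile files. At minimum the intent deserves a comment above `QPDFObjGen::set children;`, for example `// Remember siblings already visited so a chain that loops back terminates.` Note that the set only bounds repeats, not the length of a non-repeating chain, and that the loop body and the rest of the constructor continue outside the hunk, so how `cur` advances is assumed rather than seen.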