From 14dba6a76b4e2a7d2ef27ba6b8f2b3dc25ddf898 Mon Sep 17 00:00:00 2001
From: m-holger
Date: Mon, 8 Sep 2025 00:47:12 +0100
Subject: [PATCH] Add key and value validation in `NNTreeImpl` replacement logic to ensure validity before insertion.
---
 fuzz/CMakeLists.txt | 1 +
 fuzz/qpdf_extra/6310410941956096.fuzz | Bin 0 -> 950 bytes
 fuzz/qtest/fuzz.test | 2 +-
 libqpdf/NNTree.cc | 2 +-
 4 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 fuzz/qpdf_extra/6310410941956096.fuzz
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 0b81397..136a518 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -164,6 +164,7 @@ set(CORPUS_OTHER
 4720043549327360.fuzz
 5109284021272576.fuzz
 5828408539152384.fuzz
+ 6310410941956096.fuzz
 6489005569146880.fuzz
 )
diff --git a/fuzz/qpdf_extra/6310410941956096.fuzz b/fuzz/qpdf_extra/6310410941956096.fuzz
new file mode 100644
index 0000000..9d7851a
Binary files /dev/null and b/fuzz/qpdf_extra/6310410941956096.fuzz differ
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index ecafb06..dba9984 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
-my $n_qpdf_files = 102; # increment when adding new files
+my $n_qpdf_files = 103; # increment when adding new files
 my @fuzzers = (
 ['ascii85' => 1],
diff --git a/libqpdf/NNTree.cc b/libqpdf/NNTree.cc
index 27da4ae..372f7c6 100644
--- a/libqpdf/NNTree.cc
+++ b/libqpdf/NNTree.cc
@@ -666,7 +666,7 @@ NNTreeImpl::repair()
 NNTreeImpl repl(qpdf, new_node, key_type, value_valid, false);
 std::map items;
 for (auto const& [key, value]: *this) {
- if (key && value) {
+ if (key && value && repl.keyValid(key) && repl.value_valid(value) ) {
 items.insert_or_assign(key, value);
 }
 }
--
libgit2 0.21.4
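Review bot: Entries that fail the new `repl.keyValid(key)` or `repl.value_valid(value)` checks in `NNTreeImpl::repair()` are now discarded without any trace, so a tree repaired from a malformed file can lose pairs with nothing telling the caller. The hunk shows no warning for the skipped pairs; the function body starts and ends outside the hunk, so one may exist elsewhere, but if not it is worth emitting one per repair. A one-line comment above the `if` would record the intent, for example `// Skip entries that fail the replacement tree's key/value validation.` The same line has a stray space before the closing parenthesis and should read `if (key && value && repl.keyValid(key) && repl.value_valid(value)) {`. If `value_valid` is a `std::function`-style callable, confirm it can never be empty on this path, since it is now invoked for every non-null pair.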