Merge pull request #1237 from m-holger/fuzz

Add extra sanity check on pages tree

Merge pull request #1237 from m-holger/fuzz
Add extra sanity check on pages tree
m-holger · GitHub
2 parents 1ec5d3da c2c1618e
Showing 6 changed files with 8 additions and 1 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/4599089157701632.fuzz
fuzz/qpdf_extra/69977b.fuzz
fuzz/qpdf_extra/69977c.fuzz
fuzz/qtest/fuzz.test
libqpdf/QPDF_pages.cc
@@ -124,7 +124,10 @@ set(CORPUS_OTHER
   69969.fuzz
   69977.fuzz
   69977a.fuzz
+  69977b.fuzz
+  69977c.fuzz
   70055.fuzz
+  4599089157701632.fuzz
 )
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
@@ -21,7 +21,7 @@ my @fuzzers = (
     ['pngpredictor' => 1],
     ['runlength' => 6],
     ['tiffpredictor' => 2],
-    ['qpdf' => 67],             # increment when adding new files
+    ['qpdf' => 70],             # increment when adding new files
     );
 my $n_tests = 0;
@@ -98,6 +98,10 @@ QPDF::getAllPagesInternal(
     int n = kids.getArrayNItems();
     for (int i = 0; i < n; ++i) {
         auto kid = kids.getArrayItem(i);
+        if (!kid.isDictionary()) {
+            kid.warnIfPossible("Pages tree includes non-dictionary object; removing");
+            continue;
+        }
         if (kid.hasKey("/Kids")) {
             getAllPagesInternal(kid, visited, seen, media_box);
         } else {