From 43fa1b27556c64c13f43198876ce7a05069124a2 Mon Sep 17 00:00:00 2001
From: m-holger
Date: Tue, 4 Feb 2025 15:06:39 +0000
Subject: [PATCH] Refine QPDFParser error handling

---
 fuzz/CMakeLists.txt            |   1 +
 fuzz/qpdf_extra/388571629.fuzz | Bin 0 -> 893256 bytes
 fuzz/qtest/fuzz.test           |   2 +-
 libqpdf/QPDFParser.cc          |   5 +++++
 4 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 fuzz/qpdf_extra/388571629.fuzz

diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 7331c4c..9a30b3b 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -149,6 +149,7 @@ set(CORPUS_OTHER
   376305073.fuzz
   376305073a.fuzz
   377977949.fuzz
+  388571629.fuzz
   389339260.fuzz
   389974979.fuzz
   391974927.fuzz
diff --git a/fuzz/qpdf_extra/388571629.fuzz b/fuzz/qpdf_extra/388571629.fuzz
new file mode 100644
index 0000000..31874ca
Binary files /dev/null and b/fuzz/qpdf_extra/388571629.fuzz differ
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index 100fcc2..9a784d1 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
 
-my $n_qpdf_files = 90; # increment when adding new files
+my $n_qpdf_files = 91; # increment when adding new files
 
 my @fuzzers = (
     ['ascii85' => 1],
diff --git a/libqpdf/QPDFParser.cc b/libqpdf/QPDFParser.cc
index 3f176c5..2763112 100644
--- a/libqpdf/QPDFParser.cc
+++ b/libqpdf/QPDFParser.cc
@@ -470,6 +470,11 @@ bool
 QPDFParser::tooManyBadTokens()
 {
     if (--max_bad_count > 0 && good_count > 4) {
+        if (frame->olist.size() > 100'000 || frame->dict.size() > 100'000) {
+            warn("encountered errors while parsing an array or dictionary with more than 100000 "
+                 "elements; giving up on reading object");
+            return true;
+        }
         good_count = 0;
         bad_count = 1;
         return false;
-- 
libgit2 0.21.4
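Review bot: The element limit is spelled out three times in the new block of QPDFParser::tooManyBadTokens() — twice as `100'000` in the condition and once as `100000` inside the warning text — so a later tuning of the bound can silently leave the message and the check disagreeing; declare it once, e.g. `static constexpr size_t max_container_size_with_errors = 100'000;`, and use the constant in both comparisons. The hunk also gives no rationale for the bound; a short comment such as `// Stop recovering from bad tokens once the container is this large: presumably a malformed input should not be able to keep the parser re-synchronising indefinitely — confirm with the corpus case that motivated this` would tell the next reader why 100000 and why only on this branch. `frame` is dereferenced without a check in the new lines; if tooManyBadTokens() can be reached while no container frame is active, that needs a guard, though the surrounding code (the function continues past the end of the hunk) may already guarantee a valid frame.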