Merge pull request #1599 from m-holger/fuzz

Improve handling of xref stream anomalies and update tests.

Merge pull request #1599 from m-holger/fuzz
Improve handling of xref stream anomalies and update tests.
m-holger · GitHub
2 parents db575083 133e5308
Showing 10 changed files with 23 additions and 5 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/4876793183272960.fuzz
fuzz/qtest/fuzz.test
libqpdf/QPDF_objects.cc
qpdf/qtest/error-condition.test
qpdf/qtest/qpdf/bad12-recover.out
qpdf/qtest/qpdf/bad12.out
qpdf/qtest/qpdf/bad40-recover.out
qpdf/qtest/qpdf/bad40.out
qpdf/qtest/qpdf/bad40.pdf
@@ -162,6 +162,7 @@ set(CORPUS_OTHER
   440599107.fuzz
   440747125.fuzz
   4720043549327360.fuzz
+  4876793183272960.fuzz
   5109284021272576.fuzz
   5344352869351424.fuzz
   5828408539152384.fuzz
@@ -11,7 +11,7 @@ my $td = new TestDriver(&#39;fuzz&#39;);
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
-my $n_qpdf_files = 105;       # increment when adding new files
+my $n_qpdf_files = 106;       # increment when adding new files
 my @fuzzers = (
     ['ascii85' => 1],
@@ -533,7 +533,7 @@ Objects::read_xref(qpdf_offset_t xref_offset, bool in_stream_recovery)
         max_obj = std::max(max_obj, *(m->deleted_objects.rbegin()));
     }
     if (size < 1 || (size - 1) != max_obj) {
-        if ((size - 2) == max_obj) { //&& qpdf.getObject(max_obj, 0).isStreamOfType("/XRef")) {
+        if (size  == (max_obj + 2) && qpdf.getObject(max_obj +1, 0).isStreamOfType("/XRef")) {
             warn(damagedPDF(
                 "",
                 -1,
@@ -56,6 +56,7 @@ my @badfiles = (&quot;not a PDF file&quot;,                       # 1
                 "space before xref",                    # 37
                 "startxref to space then eof",          # 38
                 "stream lenth revocery overlapping",    # 39
+                "xref stream no entry for self",        # 40
                 );
 $n_tests += @badfiles + 8;
@@ -66,7 +67,7 @@ $n_tests += @badfiles + 8;
 # have error conditions that used to be fatal but are now considered
 # non-fatal.
 my %badtest_overrides = ();
-for(6, 12..15, 17, 18..32, 34..37, 39)
+for(6, 12..15, 17, 18..32, 34..37, 39, 40)
 {
     $badtest_overrides{$_} = 0;
 }
-WARNING: bad12.pdf: xref entry for the xref stream itself is missing - a common error handled correctly by qpdf and most other applications
+WARNING: bad12.pdf: reported number of objects (9) is not one plus the highest object number (7)
 WARNING: bad12.pdf (object 2 0, offset 128): expected endobj
 /QTest is implicit
 /QTest is direct and has type null (2)
-WARNING: bad12.pdf: xref entry for the xref stream itself is missing - a common error handled correctly by qpdf and most other applications
+WARNING: bad12.pdf: reported number of objects (9) is not one plus the highest object number (7)
 WARNING: bad12.pdf (object 2 0, offset 128): expected endobj
 /QTest is implicit
 /QTest is direct and has type null (2)
+WARNING: bad40.pdf: xref entry for the xref stream itself is missing - a common error handled correctly by qpdf and most other applications
+WARNING: bad40.pdf object stream 1 (object 1 0, offset 0): object stream claims to contain itself
+/QTest is implicit
+/QTest is direct and has type null (2)
+/QTest is null
+unparse: null
+unparseResolved: null
+test 1 done
+WARNING: bad40.pdf: xref entry for the xref stream itself is missing - a common error handled correctly by qpdf and most other applications
+WARNING: bad40.pdf object stream 1 (object 1 0, offset 0): object stream claims to contain itself
+/QTest is implicit
+/QTest is direct and has type null (2)
+/QTest is null
+unparse: null
+unparseResolved: null
+test 0 done