Commit 542a4282da0b0b867fb14794e1714e95a02b5c0b
Committed by
GitHub
Merge pull request #1344 from m-holger/fuzz
Fix bugs found during fuzzing
Showing
9 changed files
with
11 additions
and
2 deletions
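--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -146,7 +146,11 @@ set(CORPUS_OTHER
 99999e.fuzz
 369662293.fuzz
 369662293a.fuzz
+ 376305073.fuzz
 377977949.fuzz
+ 389339260.fuzz
+ 389974979.fuzz
+ 391974927.fuzz
 )
 
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)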
fuzz/qpdf_extra/376305073.fuzz
0 → 100644
No preview for this file type
fuzz/qpdf_extra/389339260.fuzz
0 → 100644
No preview for this file type
fuzz/qpdf_extra/389974979.fuzz
0 → 100644
No preview for this file type
fuzz/qpdf_extra/391974927.fuzz
0 → 100644
No preview for this file type
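--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
 
-my $n_qpdf_files = 84; # increment when adding new files
+my $n_qpdf_files = 88; # increment when adding new files
 
 my @fuzzers = (
 ['ascii85' => 1],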
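--- a/libqpdf/Pl_ASCII85Decoder.cc
+++ b/libqpdf/Pl_ASCII85Decoder.cc
@@ -58,6 +58,7 @@ Pl_ASCII85Decoder::write(unsigned char const* buf, size_t len)
 
 default:
 if ((buf[i] < 33) || (buf[i] > 117)) {
+ error = true;
 throw std::runtime_error("character out of range during base 85 decode");
 } else {
 this->inbuf[this->pos++] = buf[i];
@@ -103,6 +104,9 @@ Pl_ASCII85Decoder::flush()
 void
 Pl_ASCII85Decoder::finish()
 {
+ if (error) {
+ return;
+ }
 flush();
 next()->finish();
 }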
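Review bot: The early return added to `finish()` never clears `error` and also skips `next()->finish()`, so once `write()` has taken the out-of-range branch the decoder stays in the failed state and the downstream pipeline stage is never finished; nothing in the visible lines resets the flag. If an instance can be reused after a failed decode, reset the state on the way out, for example `error = false;` before the `return`, along with whatever `flush()` resets for the partial group, and put a comment above the check such as `// write() already threw on malformed input; do not flush the partial group`. The flag is also set at only this one `throw`: `write()` starts and continues outside the hunk, so any other throw sites it has would still reach `flush()` from `finish()` and may need the same marking.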
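--- a/libqpdf/QPDFOutlineObjectHelper.cc
+++ b/libqpdf/QPDFOutlineObjectHelper.cc
@@ -25,7 +25,7 @@ QPDFOutlineObjectHelper::QPDFOutlineObjectHelper(
 
 QPDFObjGen::set children;
 QPDFObjectHandle cur = oh.getKey("/First");
- while (!cur.isNull() && children.add(cur)) {
+ while (!cur.isNull() && cur.isIndirect() && children.add(cur)) {
 QPDFOutlineObjectHelper new_ooh(cur, dh, 1 + depth);
 new_ooh.m->parent = std::make_shared<QPDFOutlineObjectHelper>(*this);
 m->kids.push_back(new_ooh);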
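Review bot: The new `cur.isIndirect()` test in the `while` condition ends the walk silently, so an outline whose `/First` entry is a direct object is dropped with no diagnostic to the caller, and the reason for the check is not recorded. Presumably a direct object cannot be tracked by `children`, which is what keeps the walk bounded on damaged or hostile files; a comment above the loop would state that, e.g. `// only indirect objects can be tracked in children; stop at a direct one so the walk stays bounded`. If the surrounding code has a warning facility, emitting one on that exit would help when triaging malformed documents. The constructor starts before the hunk and the loop body continues past it, so how `cur` is advanced is not visible here.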
libqpdf/qpdf/Pl_ASCII85Decoder.hh