OpenSystemsDevelopment / qpdf

Commit 5edb548148a25ebcd187e96f97282d04bb2cd2eb

Authored by m-holger
1 parent 99f3a7b5

Reduce Pl_DCT and Pl_Flate memory limits during fuzzing 

Also, add additional qpdf_fuzzer test case.
Inline Side-by-side
Showing 5 changed files with 5 additions and 4 deletions
fuzz/CMakeLists.txt
  View file @5edb548
@@ -100,6 +100,7 @@ set(CORPUS_OTHER @@ -100,6 +100,7 @@ set(CORPUS_OTHER
100 16953.fuzz 100 16953.fuzz
101 17630.fuzz 101 17630.fuzz
102 17630a.fuzz 102 17630a.fuzz
  103 + 17630b.fuzz
103 18241.fuzz 104 18241.fuzz
104 18247.fuzz 105 18247.fuzz
105 23172.fuzz 106 23172.fuzz
fuzz/dct_fuzzer.cc
  View file @5edb548
@@ -30,7 +30,7 @@ FuzzHelper::doChecks() @@ -30,7 +30,7 @@ FuzzHelper::doChecks()
30 // fuzzing is due to corrupt JPEG data which sometimes cannot be detected before 30 // fuzzing is due to corrupt JPEG data which sometimes cannot be detected before
31 // jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally 31 // jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally
32 // occur legitimately and therefore must be allowed during normal operations. 32 // occur legitimately and therefore must be allowed during normal operations.
33 - Pl_DCT::setMemoryLimit(1'000'000'000); 33 + Pl_DCT::setMemoryLimit(200'000'000);
34 34
35 // Do not decompress corrupt data. This may cause extended runtime within jpeglib without 35 // Do not decompress corrupt data. This may cause extended runtime within jpeglib without
36 // exercising additional code paths in qpdf. 36 // exercising additional code paths in qpdf.
fuzz/qpdf_extra/17630b.fuzz 0 → 100644
View file @5edb548
No preview for this file type
fuzz/qpdf_fuzzer.cc
  View file @5edb548
@@ -180,11 +180,11 @@ FuzzHelper::doChecks() @@ -180,11 +180,11 @@ FuzzHelper::doChecks()
180 // fuzzing is due to corrupt JPEG data which sometimes cannot be detected before 180 // fuzzing is due to corrupt JPEG data which sometimes cannot be detected before
181 // jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally 181 // jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally
182 // occur legitimately and therefore must be allowed during normal operations. 182 // occur legitimately and therefore must be allowed during normal operations.
183 - Pl_DCT::setMemoryLimit(1'000'000'000); 183 + Pl_DCT::setMemoryLimit(100'000'000);
184 184
185 Pl_PNGFilter::setMemoryLimit(1'000'000); 185 Pl_PNGFilter::setMemoryLimit(1'000'000);
186 Pl_TIFFPredictor::setMemoryLimit(1'000'000); 186 Pl_TIFFPredictor::setMemoryLimit(1'000'000);
187 - Pl_Flate::setMemoryLimit(10'000'000); 187 + Pl_Flate::setMemoryLimit(1'000'000);
188 188
189 // Do not decompress corrupt data. This may cause extended runtime within jpeglib without 189 // Do not decompress corrupt data. This may cause extended runtime within jpeglib without
190 // exercising additional code paths in qpdf, and potentially causing counterproductive timeouts. 190 // exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
fuzz/qtest/fuzz.test
  View file @5edb548
@@ -21,7 +21,7 @@ my @fuzzers = ( @@ -21,7 +21,7 @@ my @fuzzers = (
21 ['pngpredictor' => 1], 21 ['pngpredictor' => 1],
22 ['runlength' => 6], 22 ['runlength' => 6],
23 ['tiffpredictor' => 2], 23 ['tiffpredictor' => 2],
24 - ['qpdf' => 73], # increment when adding new files 24 + ['qpdf' => 74], # increment when adding new files
25 ); 25 );
26 26
27 my $n_tests = 0; 27 my $n_tests = 0;