Commit 61f7d97b20b072d6f11d71d36d196289b1a9023f
Committed by
GitHub
GitHub
Merge pull request #1283 from m-holger/fuzz
Fix #1242
Showing
5 changed files
with
10 additions
and
3 deletions
fuzz/CMakeLists.txt
| @@ -140,6 +140,7 @@ set(CORPUS_OTHER | @@ -140,6 +140,7 @@ set(CORPUS_OTHER | ||
| 140 | 70306.fuzz | 140 | 70306.fuzz |
| 141 | 70306a.fuzz | 141 | 70306a.fuzz |
| 142 | 70306b.fuzz | 142 | 70306b.fuzz |
| 143 | + 71624.fuzz | ||
| 143 | ) | 144 | ) |
| 144 | 145 | ||
| 145 | set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus) | 146 | set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus) |
fuzz/qpdf_extra/71624.fuzz
0 → 100644
No preview for this file type
fuzz/qtest/fuzz.test
| @@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz'); | @@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz'); | ||
| 11 | 11 | ||
| 12 | my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS"; | 12 | my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS"; |
| 13 | 13 | ||
| 14 | -my $n_qpdf_files = 77; # increment when adding new files | 14 | +my $n_qpdf_files = 78; # increment when adding new files |
| 15 | 15 | ||
| 16 | my @fuzzers = ( | 16 | my @fuzzers = ( |
| 17 | ['ascii85' => 1], | 17 | ['ascii85' => 1], |
include/qpdf/QPDF.hh
| @@ -676,7 +676,7 @@ class QPDF | @@ -676,7 +676,7 @@ class QPDF | ||
| 676 | // Traverse page tree return all /Page objects. It also detects and resolves cases in which the | 676 | // Traverse page tree return all /Page objects. It also detects and resolves cases in which the |
| 677 | // same /Page object is duplicated. For efficiency, this method returns a const reference to an | 677 | // same /Page object is duplicated. For efficiency, this method returns a const reference to an |
| 678 | // internal vector of pages. Calls to addPage, addPageAt, and removePage safely update this, but | 678 | // internal vector of pages. Calls to addPage, addPageAt, and removePage safely update this, but |
| 679 | - // directly manipulation of the pages tree or pushing inheritable objects to the page level may | 679 | + // direct manipulation of the pages tree or pushing inheritable objects to the page level may |
| 680 | // invalidate it. See comments for updateAllPagesCache() for additional notes. Newer code should | 680 | // invalidate it. See comments for updateAllPagesCache() for additional notes. Newer code should |
| 681 | // use QPDFPageDocumentHelper::getAllPages instead. The decision to expose this internal cache | 681 | // use QPDFPageDocumentHelper::getAllPages instead. The decision to expose this internal cache |
| 682 | // was arguably incorrect, but it is being left here for compatibility. It is, however, | 682 | // was arguably incorrect, but it is being left here for compatibility. It is, however, |
libqpdf/QPDF_pages.cc
| @@ -71,7 +71,13 @@ QPDF::getAllPages() | @@ -71,7 +71,13 @@ QPDF::getAllPages() | ||
| 71 | throw QPDFExc( | 71 | throw QPDFExc( |
| 72 | qpdf_e_pages, m->file->getName(), "", 0, "root of pages tree has no /Kids array"); | 72 | qpdf_e_pages, m->file->getName(), "", 0, "root of pages tree has no /Kids array"); |
| 73 | } | 73 | } |
| 74 | - getAllPagesInternal(pages, visited, seen, false); | 74 | + try { |
| 75 | + getAllPagesInternal(pages, visited, seen, false); | ||
| 76 | + } catch (...) { | ||
| 77 | + m->all_pages.clear(); | ||
| 78 | + m->invalid_page_found = false; | ||
| 79 | + throw; | ||
| 80 | + } | ||
| 75 | if (m->invalid_page_found) { | 81 | if (m->invalid_page_found) { |
| 76 | flattenPagesTree(); | 82 | flattenPagesTree(); |
| 77 | m->invalid_page_found = false; | 83 | m->invalid_page_found = false; |