From 70f7af78e19e98c7d1518ca6590deae79657ab57 Mon Sep 17 00:00:00 2001
From: m-holger
Date: Sun, 2 Feb 2025 12:33:12 +0000
Subject: [PATCH] Fix QPDFOutlineObjectHelper loop detectection
---
 fuzz/CMakeLists.txt | 1 +
 fuzz/qpdf_extra/389339260.fuzz | Bin 0 -> 3542 bytes
 fuzz/qtest/fuzz.test | 2 +-
 libqpdf/QPDFOutlineObjectHelper.cc | 2 +-
 4 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 fuzz/qpdf_extra/389339260.fuzz
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index ad45038..d692372 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -148,6 +148,7 @@ set(CORPUS_OTHER
 369662293a.fuzz
 376305073.fuzz
 377977949.fuzz
+ 389339260.fuzz
 389974979.fuzz
 391974927.fuzz
 )
diff --git a/fuzz/qpdf_extra/389339260.fuzz b/fuzz/qpdf_extra/389339260.fuzz
new file mode 100644
index 0000000..7bcc475
Binary files /dev/null and b/fuzz/qpdf_extra/389339260.fuzz differ
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index efffdc6..450cb6c 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
-my $n_qpdf_files = 87; # increment when adding new files
+my $n_qpdf_files = 88; # increment when adding new files
 my @fuzzers = (
 ['ascii85' => 1],
diff --git a/libqpdf/QPDFOutlineObjectHelper.cc b/libqpdf/QPDFOutlineObjectHelper.cc
index 964deeb..4da38b8 100644
--- a/libqpdf/QPDFOutlineObjectHelper.cc
+++ b/libqpdf/QPDFOutlineObjectHelper.cc
@@ -25,7 +25,7 @@ QPDFOutlineObjectHelper::QPDFOutlineObjectHelper(
 QPDFObjGen::set children;
 QPDFObjectHandle cur = oh.getKey("/First");
- while (!cur.isNull() && children.add(cur)) {
+ while (!cur.isNull() && cur.isIndirect() && children.add(cur)) {
 QPDFOutlineObjectHelper new_ooh(cur, dh, 1 + depth);
 new_ooh.m->parent = std::make_shared(*this);
 m->kids.push_back(new_ooh);
--
libgit2 0.21.4
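Review bot: The added `cur.isIndirect()` test in the `while` condition of libqpdf/QPDFOutlineObjectHelper.cc ends the sibling walk silently at the first direct object, and nothing in the code records why direct objects have to be excluded. Presumably `children.add(cur)` can only remember indirect objects, so a direct entry would bypass the seen-set and a malformed outline could keep appending to `m->kids`; a comment such as `// Direct objects are not tracked by children.add(), so stop here to keep loop detection effective.` would keep that reasoning next to the check. It may also be worth warning when a non-null direct entry stops the walk, so a damaged outline is reported rather than quietly truncated. The constructor begins before this hunk and the loop body runs past it, so the statement that advances `cur` is not visible here.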