From 7a2ef59230093093d86e06c3b8a7f62a5bd26cac Mon Sep 17 00:00:00 2001
From: m-holger
Date: Sun, 2 Feb 2025 11:11:49 +0000
Subject: [PATCH] In Pl_ASCII85Decoder do not run finish after a runtime_error
---
 fuzz/CMakeLists.txt | 3 +++
 fuzz/qpdf_extra/376305073.fuzz | Bin 0 -> 378 bytes
 fuzz/qpdf_extra/389974979.fuzz | Bin 0 -> 374 bytes
 fuzz/qpdf_extra/391974927.fuzz | Bin 0 -> 210041 bytes
 fuzz/qtest/fuzz.test | 2 +-
 libqpdf/Pl_ASCII85Decoder.cc | 4 ++++
 libqpdf/qpdf/Pl_ASCII85Decoder.hh | 1 +
 7 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 fuzz/qpdf_extra/376305073.fuzz
 create mode 100644 fuzz/qpdf_extra/389974979.fuzz
 create mode 100644 fuzz/qpdf_extra/391974927.fuzz
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 029ed05..ad45038 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -146,7 +146,10 @@ set(CORPUS_OTHER
 99999e.fuzz
 369662293.fuzz
 369662293a.fuzz
+ 376305073.fuzz
 377977949.fuzz
+ 389974979.fuzz
+ 391974927.fuzz
 )
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
diff --git a/fuzz/qpdf_extra/376305073.fuzz b/fuzz/qpdf_extra/376305073.fuzz
new file mode 100644
index 0000000..255bbfd
Binary files /dev/null and b/fuzz/qpdf_extra/376305073.fuzz differ
diff --git a/fuzz/qpdf_extra/389974979.fuzz b/fuzz/qpdf_extra/389974979.fuzz
new file mode 100644
index 0000000..5e53d5e
Binary files /dev/null and b/fuzz/qpdf_extra/389974979.fuzz differ
diff --git a/fuzz/qpdf_extra/391974927.fuzz b/fuzz/qpdf_extra/391974927.fuzz
new file mode 100644
index 0000000..a4b918b
Binary files /dev/null and b/fuzz/qpdf_extra/391974927.fuzz differ
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index cf38a63..efffdc6 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
-my $n_qpdf_files = 84; # increment when adding new files
+my $n_qpdf_files = 87; # increment when adding new files
 my @fuzzers = (
 ['ascii85' => 1],
diff --git a/libqpdf/Pl_ASCII85Decoder.cc b/libqpdf/Pl_ASCII85Decoder.cc
index 76b7311..7c526b1 100644
--- a/libqpdf/Pl_ASCII85Decoder.cc
+++ b/libqpdf/Pl_ASCII85Decoder.cc
@@ -58,6 +58,7 @@ Pl_ASCII85Decoder::write(unsigned char const* buf, size_t len)
 default:
 if ((buf[i] < 33) || (buf[i] > 117)) {
+ error = true;
 throw std::runtime_error("character out of range during base 85 decode");
 } else {
 this->inbuf[this->pos++] = buf[i];
@@ -103,6 +104,9 @@ Pl_ASCII85Decoder::flush()
 void
 Pl_ASCII85Decoder::finish()
 {
+ if (error) {
+ return;
+ }
 flush();
 next()->finish();
 }
diff --git a/libqpdf/qpdf/Pl_ASCII85Decoder.hh b/libqpdf/qpdf/Pl_ASCII85Decoder.hh
index 05505c7..00e9e6d 100644
--- a/libqpdf/qpdf/Pl_ASCII85Decoder.hh
+++ b/libqpdf/qpdf/Pl_ASCII85Decoder.hh
@@ -17,6 +17,7 @@ class Pl_ASCII85Decoder final: public Pipeline
 unsigned char inbuf[5]{117, 117, 117, 117, 117};
 size_t pos{0};
 size_t eod{0};
+ bool error{false};
 };
 #endif // PL_ASCII85DECODER_HH
-- 
libgit2 0.21.4
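Review bot: `error = true` is set only on the out-of-range path in the `default:` case of write(), so any other exception thrown from write() would still leave the flag clear and let finish() run the flush that this commit wants to avoid. write()'s body starts before and continues after this hunk, so I cannot see whether other throw sites exist; if they do, each needs the same assignment. A way to keep that in one place is to mark the decoder as failed for every exception leaving the per-character loop, `try { … } catch (...) { error = true; throw; }`, so the flag cannot drift out of sync with future throw sites.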
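Review bot: The guard makes finish() a no-op after a failure, but write() has no matching check, so a caller that catches the runtime_error and keeps writing will still have its data decoded and forwarded to next() while next()->finish() is never called; if that is not intended, a guard at the top of write() (outside the first hunk) that refuses further input, `if (error) { return; }` or a rethrow, closes the gap. The early return also deserves a why-comment, since the reason currently lives only in the commit title, e.g. `// write() already threw; do not flush partial input or finish the downstream pipeline`.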
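Review bot: The new `error` member is undocumented, and because it changes the pipeline's termination contract a reader of the header cannot tell what setting it means. Add a comment next to the declaration, e.g. `// Set by write() before it throws; finish() then returns without flushing or finishing next().` The brace initialiser matches the neighbouring `pos`/`eod` members, so the style is consistent.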