Commit 7a2ef59230093093d86e06c3b8a7f62a5bd26cac
1 parent
e324d36b
In Pl_ASCII85Decoder do not run finish after a runtime_error
Fixes oss-fuzz cases 376305073, 389974979 and 391974927.
Showing
7 changed files
with
9 additions
and
1 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/376305073.fuzz
0 โ 100644
fuzz/qpdf_extra/389974979.fuzz
0 โ 100644
fuzz/qpdf_extra/391974927.fuzz
0 โ 100644
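--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
 
-my $n_qpdf_files = 84; # increment when adding new files
+my $n_qpdf_files = 87; # increment when adding new files
 
 my @fuzzers = (
 ['ascii85' => 1],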
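--- a/libqpdf/Pl_ASCII85Decoder.cc
+++ b/libqpdf/Pl_ASCII85Decoder.cc
@@ -58,6 +58,7 @@ Pl_ASCII85Decoder::write(unsigned char const* buf, size_t len)
 
 default:
 if ((buf[i] < 33) || (buf[i] > 117)) {
+error = true;
 throw std::runtime_error("character out of range during base 85 decode");
 } else {
 this->inbuf[this->pos++] = buf[i];
@@ -103,6 +104,9 @@ Pl_ASCII85Decoder::flush()
 void
 Pl_ASCII85Decoder::finish()
 {
+if (error) {
+return;
+}
 flush();
 next()->finish();
 }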
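Review bot: The `error = true;` added in write() covers only the out-of-range throw visible in the first hunk. write() starts and ends outside that hunk, so any other throw in its body, or an exception propagating from the downstream pipeline, would presumably leave `error` false and finish() would still call flush() on a partially filled `inbuf`. If such paths exist, setting the flag in one place is more robust than per-throw assignments, for example by wrapping the loop as `try { ... } catch (...) { error = true; throw; }`. Nothing visible here clears `error`, so a decoder reused after a failed write() would skip flush() and `next()->finish()` on every later finish(); it is worth confirming whether reuse is supported. The early return in finish() also deserves a comment such as `// write() threw: inbuf/pos are inconsistent, so do not flush or finish downstream`.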
libqpdf/qpdf/Pl_ASCII85Decoder.hh