Commit 7d34b89a69e8e89c098dd373442f7df809c28eff
Committed by
GitHub
Merge pull request #1288 from m-holger/fuzz
In QPDFParser add a limit on total number of errors in one object
Showing
2 changed files
with
11 additions
and
8 deletions
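--- a/libqpdf/QPDFParser.cc
+++ b/libqpdf/QPDFParser.cc
@@ -469,13 +469,14 @@ QPDFParser::fixMissingKeys()
 bool
 QPDFParser::tooManyBadTokens()
 {
-if (good_count <= 4) {
-if (++bad_count > 5) {
-warn("too many errors; giving up on reading object");
-return true;
-}
-} else {
+if (--max_bad_count > 0 && good_count > 4) {
+good_count = 0;
 bad_count = 1;
+return false;
+}
+if (++bad_count > 5) {
+warn("too many errors; giving up on reading object");
+return true;
 }
 good_count = 0;
 return false;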
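Review bot: In `tooManyBadTokens()` the new budget is decremented as a side effect inside the condition `--max_bad_count > 0 && good_count > 4`, and running out of budget does not itself stop parsing: it only disables the reset branch, so the function keeps returning false until `++bad_count > 5` trips. The effective cap per object is therefore a few tokens above the initial 15, which still bounds the work done on malformed input but is not what the condition reads like at first glance. I would put a comment above it, for example `// Once the error budget is spent, good tokens no longer reset bad_count, so the check below gives up within a few more bad tokens.`, or move the decrement to its own statement. Neither of the two changed files is a test, so unless one exists elsewhere, a regression input that exercises the new limit would keep the bound from silently changing. The function's closing brace lies just past the end of the hunk.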
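--- a/libqpdf/qpdf/QPDFParser.hh
+++ b/libqpdf/qpdf/QPDFParser.hh
@@ -83,9 +83,11 @@ class QPDFParser
 std::vector<StackFrame> stack;
 StackFrame* frame;
 // Number of recent bad tokens.
-int bad_count = 0;
+int bad_count{0};
+// Number of bad tokens (remaining) before giving up.
+int max_bad_count{15};
 // Number of good tokens since last bad token. Irrelevant if bad_count == 0.
-int good_count = 0;
+int good_count{0};
 // Start offset including any leading whitespace.
 qpdf_offset_t start;
 // Number of successive integer tokens.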
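Review bot: `max_bad_count` is a countdown rather than a maximum, and its comment `// Number of bad tokens (remaining) before giving up.` does not say that reaching zero only stops good tokens from resetting `bad_count`. A comment along the lines of `// Remaining bad-token budget, starting at 15; once spent, good tokens no longer reset bad_count.` would match how QPDFParser.cc uses it, and a named constant for 15 would make the limit easier to find and tune. The budget is set only by this member initializer, so it is per object only if a parser instance is never reused across objects, which the hunk does not show. The class body starts and ends outside the hunk.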