Commit 8a11feacc32aa5dcf0130d7499535624805fc87e
1 parent: 30bb4c64
Avoid leak by resolving object streams more than once (fuzz issue 23642)
Showing 7 changed files with 182 additions and 10 deletions
TODO
| 1 | 1 | Candidates for upcoming release |
| 2 | 2 | =============================== |
| 3 | 3 | |
| 4 | -* Fuzz crashes | |
| 5 | - * See "New" below | |
| 6 | - | |
| 7 | 4 | * Open "next" issues |
| 8 | 5 | * bugs |
| 9 | 6 | * #473: zsh completion with directories |
| ... | ... | @@ -64,9 +61,6 @@ Fuzz Errors |
| 64 | 61 | |
| 65 | 62 | * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=<N> |
| 66 | 63 | |
| 67 | -* New: | |
| 68 | - * 23642: leak: https://oss-fuzz.com/testcase-detail/4906569690251264 | |
| 69 | - | |
| 70 | 64 | * Ignoring these: |
| 71 | 65 | * Problems inside the jpeg library: 15470, 15751, 18633, 18732, |
| 72 | 66 | 18745, 20391, 23581 | ... | ... |
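Review bot: dropping the "Fuzz crashes" item together with its "New: 23642" entry leaves the Fuzz Errors section holding only the oss-fuzz link and the "Ignoring these" list, which reads fine, but the TODO now carries no pointer from 23642 to its fix; a one-line note that the reproducer lives in fuzz/qpdf_extra/23642.fuzz (added in this same commit) would keep the issue traceable without reopening the item.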
fuzz/qpdf_extra/23642-mod.fuzz (new file, mode 0 → 100644; no preview for this file type)
fuzz/qpdf_extra/23642.fuzz (new file, mode 0 → 100644; no preview for this file type)
include/qpdf/QPDF.hh
libqpdf/QPDF.cc
| ... | ... | @@ -2082,6 +2082,11 @@ QPDF::resolve(int objid, int generation) |
| 2082 | 2082 | void |
| 2083 | 2083 | QPDF::resolveObjectsInStream(int obj_stream_number) |
| 2084 | 2084 | { |
| 2085 | + if (this->m->resolved_object_streams.count(obj_stream_number)) | |
| 2086 | + { | |
| 2087 | + return; | |
| 2088 | + } | |
| 2089 | + this->m->resolved_object_streams.insert(obj_stream_number); | |
| 2085 | 2090 | // Force resolution of object stream |
| 2086 | 2091 | QPDFObjectHandle obj_stream = getObjectByID(obj_stream_number, 0); |
| 2087 | 2092 | if (! obj_stream.isStream()) | ... | ... |
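Review bot: the insert into resolved_object_streams at line 2089 deliberately happens before getObjectByID, so a re-entrant call for the same stream number (the object stream's own entry being resolved through resolve) returns immediately; please add a short comment saying so, because moving the insert below the isStream check would look like a harmless tidy-up and would reintroduce the repeated resolution this commit fixes. Two consequences are worth stating in that comment: if getObjectByID throws, the number stays in the set and later calls return silently rather than retrying, and any warning emitted while resolving the stream is now issued once instead of once per caller (the .out updates in this commit reflect exactly that). resolved_object_streams itself must be declared in QPDF::Members in QPDF.hh, which is listed as changed here but whose hunk is not shown.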
qpdf/qtest/qpdf/fuzz-16214.out
| ... | ... | @@ -11,8 +11,6 @@ WARNING: fuzz-16214.pdf (object 1 0, offset 7189): expected n n obj |
| 11 | 11 | WARNING: fuzz-16214.pdf: Attempting to reconstruct cross-reference table |
| 12 | 12 | WARNING: fuzz-16214.pdf (offset 7207): error decoding stream data for object 2 0: stream inflate: inflate: data: invalid code lengths set |
| 13 | 13 | WARNING: fuzz-16214.pdf (offset 7207): getStreamData called on unfilterable stream |
| 14 | -WARNING: fuzz-16214.pdf (offset 7207): error decoding stream data for object 2 0: stream inflate: inflate: data: invalid code lengths set | |
| 15 | -WARNING: fuzz-16214.pdf (offset 7207): getStreamData called on unfilterable stream | |
| 16 | 14 | WARNING: fuzz-16214.pdf (object 11 0, offset 11551): supposed object stream 5 has wrong type |
| 17 | 15 | WARNING: fuzz-16214.pdf (object 21 0, offset 3639): expected endstream |
| 18 | 16 | WARNING: fuzz-16214.pdf (object 21 0, offset 3112): attempting to recover stream length | ... | ... |
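Review bot: the two removed lines are byte-for-byte repeats of lines 12 and 13, i.e. the second attempt to resolve the same unfilterable object stream, so the expectation change matches the early return and no warning text is lost. Note that the 23642 reproducers are added under fuzz/qpdf_extra and therefore run only through the fuzzer corpus; nothing in the qtest expectations exercises the new guard on the triggering input, so the only regression coverage for the leak itself is the fuzzer, which is acceptable for a fuzz fix but worth saying in the commit message.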
qpdf/qtest/qpdf/issue-143.out
| ... | ... | @@ -15,6 +15,4 @@ WARNING: issue-143.pdf (object 1 0, offset 84): attempting to recover stream len |
| 15 | 15 | WARNING: issue-143.pdf (object 1 0, offset 84): recovered stream length: 606 |
| 16 | 16 | WARNING: issue-143.pdf object stream 1 (object 2 0, offset 33): expected dictionary key but found non-name object; inserting key /QPDFFake1 |
| 17 | 17 | WARNING: issue-143.pdf (object 2 0, offset 84): supposed object stream 12336 is not a stream |
| 18 | -WARNING: issue-143.pdf (object 2 0, offset 84): supposed object stream 12336 is not a stream | |
| 19 | -WARNING: issue-143.pdf (object 2 0, offset 84): supposed object stream 12336 is not a stream | |
| 20 | 18 | qpdf: operation succeeded with warnings; resulting file may have some problems | ... | ... |
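Review bot: three identical "supposed object stream 12336 is not a stream" warnings collapsing to one is the expected user-visible effect of the guard, and line 17 still records the warning, so diagnostics are not weakened. Since the warning count a caller sees (and the exit status "operation succeeded with warnings") is observable behaviour, this deserves a ChangeLog entry; the seven changed files in this commit do not include one.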