OpenSystemsDevelopment / qpdf

Commit 9e1897259525907dd0c0d03875ef047c825f0643

Authored by m-holger
Committed by GitHub
2 parents ac94437a a0782656

Merge pull request #1437 from m-holger/fuzz 

Detect shared /Kids arrays in pages tree
Inline Side-by-side
Showing 4 changed files with 10 additions and 1 deletions
fuzz/CMakeLists.txt
  View file @9e18972
... ... @@ -157,6 +157,7 @@ set(CORPUS_OTHER
157 157 394463491.fuzz
158 158 398060137.fuzz
159 159 409905355.fuzz
  160 + 411312393.fuzz
160 161 )
161 162  
162 163 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
... ...
fuzz/qpdf_extra/411312393.fuzz 0 → 100644
View file @9e18972
No preview for this file type
fuzz/qtest/fuzz.test
  View file @9e18972
... ... @@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
11 11  
12 12 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
13 13  
14   -my $n_qpdf_files = 94; # increment when adding new files
  14 +my $n_qpdf_files = 95; # increment when adding new files
15 15  
16 16 my @fuzzers = (
17 17 ['ascii85' => 1],
... ...
libqpdf/QPDF_pages.cc
  View file @9e18972
... ... @@ -109,6 +109,14 @@ QPDF::getAllPagesInternal(
109 109 QTC::TC("qpdf", "QPDF inherit mediabox", media_box ? 0 : 1);
110 110 }
111 111 auto kids = cur_node.getKey("/Kids");
  112 + if (!visited.add(kids)) {
  113 + throw QPDFExc(
  114 + qpdf_e_pages,
  115 + m->file->getName(),
  116 + "object " + cur_node.getObjGen().unparse(' '),
  117 + 0,
  118 + "Loop detected in /Pages structure (getAllPages)");
  119 + }
112 120 int i = -1;
113 121 for (auto& kid: kids.as_array()) {
114 122 ++i;
... ...