Commit a84a0b248768dcbab7fc007bb22a258cac9e4131
1 parent
ec09b914
Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740)
Showing
3 changed files
with
4 additions
and
0 deletions
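--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 2021-11-04 Jay Berkenbilt <ejb@ql.org>
 
+ * Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740).
+
 * Add QIntC::range_check_substract to do range checking on
 subtraction, which has different boundary conditions from
 addition.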
fuzz/qpdf_extra/37740.fuzz
0 → 100644
No preview for this file type
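--- a/libqpdf/QPDFNumberTreeObjectHelper.cc
+++ b/libqpdf/QPDFNumberTreeObjectHelper.cc
@@ -1,5 +1,6 @@
 #include <qpdf/QPDFNumberTreeObjectHelper.hh>
 #include <qpdf/NNTree.hh>
+#include <qpdf/QIntC.hh>
 
 class NumberTreeDetails: public NNTreeDetails
 {
@@ -235,6 +236,7 @@ QPDFNumberTreeObjectHelper::findObjectAtOrBelow(
 return false;
 }
 oh = i->second;
+ QIntC::range_check_substract(idx, i->first);
 offset = idx - i->first;
 return true;
 }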
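Review bot: The added `QIntC::range_check_substract(idx, i->first);` runs after `oh = i->second;`, so when the check rejects the pair (presumably by throwing, which this hunk does not show), `oh` has already been overwritten while `offset` has not. If `oh` is an output parameter, as the assignment suggests, moving the check one line up, ahead of `oh = i->second;`, leaves both outputs untouched on the failure path. The keys in `i->first` come from the number tree of a possibly hostile PDF, so a short comment above the check would help, e.g. `// keys are file-controlled; idx - i->first can overflow for extreme values`. The declaration of findObjectAtOrBelow should also document that it can now fail with a range error on such input instead of returning false, so callers handling untrusted files know to catch it. The function body starts outside this hunk, so the earlier return paths were not reviewed.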