diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 0b24bc8..288c168 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -156,6 +156,7 @@ set(CORPUS_OTHER
     394129398.fuzz
     394463491.fuzz
     398060137.fuzz
+    409905355.fuzz
 )
 
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
diff --git a/fuzz/qpdf_extra/409905355.fuzz b/fuzz/qpdf_extra/409905355.fuzz
new file mode 100644
index 0000000..8d5361e
--- /dev/null
+++ b/fuzz/qpdf_extra/409905355.fuzz
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index 6bde52e..12229d0 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
 
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
 
-my $n_qpdf_files = 93; # increment when adding new files
+my $n_qpdf_files = 94; # increment when adding new files
 
 my @fuzzers = (
     ['ascii85' => 1],
diff --git a/libqpdf/QPDFFormFieldObjectHelper.cc b/libqpdf/QPDFFormFieldObjectHelper.cc
index 77d1e84..4ce81b7 100644
--- a/libqpdf/QPDFFormFieldObjectHelper.cc
+++ b/libqpdf/QPDFFormFieldObjectHelper.cc
@@ -585,17 +585,16 @@ ValueSetter::writeAppearance()
     int wanted_first = QIntC::to_int(found_idx) - 1;
     int wanted_last = QIntC::to_int(found_idx + max_rows) - 2;
     QTC::TC("qpdf", "QPDFFormFieldObjectHelper list found");
-    while (wanted_first < 0) {
+    if (wanted_first < 0) {
         QTC::TC("qpdf", "QPDFFormFieldObjectHelper list first too low");
-        ++wanted_first;
-        ++wanted_last;
+        wanted_last -= wanted_first;
+        wanted_first = 0;
     }
-    while (wanted_last >= QIntC::to_int(nopt)) {
+    if (wanted_last >= QIntC::to_int(nopt)) {
         QTC::TC("qpdf", "QPDFFormFieldObjectHelper list last too high");
-        if (wanted_first > 0) {
-            --wanted_first;
-        }
-        --wanted_last;
+        auto diff = wanted_last - QIntC::to_int(nopt) + 1;
+        wanted_first = std::max(0, wanted_first - diff);
+        wanted_last -= diff;
     }
     highlight = true;
     highlight_idx = found_idx - QIntC::to_size(wanted_first);
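Review bot: The two rewritten `if` blocks replace the old one-step-at-a-time loops with closed-form clamping, but nothing in the code records why, so a later reader could reasonably "simplify" it back into the loop form; a one-line comment above the first `if`, such as `// Clamp arithmetically: the former per-step loops ran once per excess row, so a large max_rows made them effectively unbounded.`, would preserve the intent (the fuzz case added in this commit suggests that was the trigger, though the hunk does not say so). The new line `wanted_first = std::max(0, wanted_first - diff);` relies on `<algorithm>`, which this hunk does not show being included — worth confirming rather than depending on a transitive include. Note also that `found_idx + max_rows` on the second context line is still computed before any clamping, so an oversized max_rows reaches `QIntC::to_int` unclamped; if that converter throws on out-of-range values (not visible here), confirm callers expect an exception rather than a clamped appearance stream for a malformed field. writeAppearance() begins and ends outside the hunk.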