Commit c1684eae9144129027642f5069a0fd97f0559ec8
1 parent
7f4a4df9
Check for overflow in page labels (fuzz issue 23599)
Showing
3 changed files
with
1 additions
and
1 deletions
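--- a/TODO
+++ b/TODO
@@ -65,7 +65,6 @@ Fuzz Errors
 * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=<N>
 
 * New:
-* 23599: integer overflow: https://oss-fuzz.com/testcase?key=6290807920525312
 * 23642: leak: https://oss-fuzz.com/testcase-detail/4906569690251264
 
 * Ignoring these: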
fuzz/qpdf_extra/23599.fuzz
0 → 100644
No preview for this file type
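--- a/libqpdf/QPDFPageLabelDocumentHelper.cc
+++ b/libqpdf/QPDFPageLabelDocumentHelper.cc
@@ -53,6 +53,7 @@ QPDFPageLabelDocumentHelper::getLabelForPage(long long page_idx)
 {
 start = St.getIntValue();
 }
+QIntC::range_check(start, offset);
 start += offset;
 result = QPDFObjectHandle::newDictionary();
 result.replaceOrRemoveKey("/S", S);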
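Review bot: The added `QIntC::range_check(start, offset);` ahead of `start += offset;` carries no comment explaining why it is there, and the reason is security-relevant: `start` is read from the document via `St.getIntValue()`, so a crafted `/St` could otherwise push the signed addition into undefined behaviour. I would put `// /St comes from the file; reject a start value whose sum with offset would overflow` above the call. As far as I know `range_check` reports the failure by throwing, so a hostile label now surfaces as an exception from `getLabelForPage`; the callers are outside this hunk, and it is worth confirming they treat it as a damaged-file error rather than letting it abort processing. The function starts and ends outside the hunk, so how `offset` is derived from `page_idx` is not visible here and may deserve the same check.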