OpenSystemsDevelopment / qpdf

Commit c2c1618e08f07a831a8bacff8d65aa75793d91d4

Authored by m-holger
1 parent 2b6500ea

Add extra sanity check on pages tree 

Reject non-dictionary Page and Pages objects.

Also add additional qpdf_fuzzer test cases.
Inline Side-by-side
Showing 6 changed files with 8 additions and 1 deletions
fuzz/CMakeLists.txt
  View file @c2c1618
... ... @@ -124,7 +124,10 @@ set(CORPUS_OTHER
124 124 69969.fuzz
125 125 69977.fuzz
126 126 69977a.fuzz
  127 + 69977b.fuzz
  128 + 69977c.fuzz
127 129 70055.fuzz
  130 + 4599089157701632.fuzz
128 131 )
129 132  
130 133 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
... ...
fuzz/qpdf_extra/4599089157701632.fuzz 0 โ†’ 100644
View file @c2c1618
No preview for this file type
fuzz/qpdf_extra/69977b.fuzz 0 โ†’ 100644
View file @c2c1618
No preview for this file type
fuzz/qpdf_extra/69977c.fuzz 0 โ†’ 100644
View file @c2c1618
No preview for this file type
fuzz/qtest/fuzz.test
  View file @c2c1618
... ... @@ -21,7 +21,7 @@ my @fuzzers = (
21 21 ['pngpredictor' => 1],
22 22 ['runlength' => 6],
23 23 ['tiffpredictor' => 2],
24   - ['qpdf' => 67], # increment when adding new files
  24 + ['qpdf' => 70], # increment when adding new files
25 25 );
26 26  
27 27 my $n_tests = 0;
... ...
libqpdf/QPDF_pages.cc
  View file @c2c1618
... ... @@ -98,6 +98,10 @@ QPDF::getAllPagesInternal(
98 98 int n = kids.getArrayNItems();
99 99 for (int i = 0; i < n; ++i) {
100 100 auto kid = kids.getArrayItem(i);
  101 + if (!kid.isDictionary()) {
  102 + kid.warnIfPossible("Pages tree includes non-dictionary object; removing");
  103 + continue;
  104 + }
101 105 if (kid.hasKey("/Kids")) {
102 106 getAllPagesInternal(kid, visited, seen, media_box);
103 107 } else {
... ...