Commit c2c1618e08f07a831a8bacff8d65aa75793d91d4
1 parent
2b6500ea
Add extra sanity check on pages tree
Reject non-dictionary Page and Pages objects. Also add additional qpdf_fuzzer test cases.
Showing
6 changed files
with
8 additions
and
1 deletions
fuzz/CMakeLists.txt
| @@ -124,7 +124,10 @@ set(CORPUS_OTHER | @@ -124,7 +124,10 @@ set(CORPUS_OTHER | ||
| 124 | 69969.fuzz | 124 | 69969.fuzz |
| 125 | 69977.fuzz | 125 | 69977.fuzz |
| 126 | 69977a.fuzz | 126 | 69977a.fuzz |
| 127 | + 69977b.fuzz | ||
| 128 | + 69977c.fuzz | ||
| 127 | 70055.fuzz | 129 | 70055.fuzz |
| 130 | + 4599089157701632.fuzz | ||
| 128 | ) | 131 | ) |
| 129 | 132 | ||
| 130 | set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus) | 133 | set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus) |
fuzz/qpdf_extra/4599089157701632.fuzz
0 โ 100644
No preview for this file type
fuzz/qpdf_extra/69977b.fuzz
0 โ 100644
No preview for this file type
fuzz/qpdf_extra/69977c.fuzz
0 โ 100644
No preview for this file type
fuzz/qtest/fuzz.test
| @@ -21,7 +21,7 @@ my @fuzzers = ( | @@ -21,7 +21,7 @@ my @fuzzers = ( | ||
| 21 | ['pngpredictor' => 1], | 21 | ['pngpredictor' => 1], |
| 22 | ['runlength' => 6], | 22 | ['runlength' => 6], |
| 23 | ['tiffpredictor' => 2], | 23 | ['tiffpredictor' => 2], |
| 24 | - ['qpdf' => 67], # increment when adding new files | 24 | + ['qpdf' => 70], # increment when adding new files |
| 25 | ); | 25 | ); |
| 26 | 26 | ||
| 27 | my $n_tests = 0; | 27 | my $n_tests = 0; |
libqpdf/QPDF_pages.cc
| @@ -98,6 +98,10 @@ QPDF::getAllPagesInternal( | @@ -98,6 +98,10 @@ QPDF::getAllPagesInternal( | ||
| 98 | int n = kids.getArrayNItems(); | 98 | int n = kids.getArrayNItems(); |
| 99 | for (int i = 0; i < n; ++i) { | 99 | for (int i = 0; i < n; ++i) { |
| 100 | auto kid = kids.getArrayItem(i); | 100 | auto kid = kids.getArrayItem(i); |
| 101 | + if (!kid.isDictionary()) { | ||
| 102 | + kid.warnIfPossible("Pages tree includes non-dictionary object; removing"); | ||
| 103 | + continue; | ||
| 104 | + } | ||
| 101 | if (kid.hasKey("/Kids")) { | 105 | if (kid.hasKey("/Kids")) { |
| 102 | getAllPagesInternal(kid, visited, seen, media_box); | 106 | getAllPagesInternal(kid, visited, seen, media_box); |
| 103 | } else { | 107 | } else { |