Commit dadf8307c83706c3b097bc4b1fe7b24defbebb8e
1 parent
456c285b
Fix fuzz issues 15316 and 15390
Showing
3 changed files
with
9 additions
and
0 deletions
fuzz/qpdf_extra/15316.fuzz
0 → 100644
fuzz/qpdf_extra/15390.fuzz
0 → 100644
No preview for this file type
libqpdf/QPDF.cc
| ... | ... | @@ -4,6 +4,7 @@ |
| 4 | 4 | #include <vector> |
| 5 | 5 | #include <map> |
| 6 | 6 | #include <algorithm> |
| 7 | +#include <limits> | |
| 7 | 8 | #include <stdlib.h> |
| 8 | 9 | #include <string.h> |
| 9 | 10 | #include <memory.h> |
| ... | ... | @@ -2151,6 +2152,11 @@ QPDFObjectHandle |
| 2151 | 2152 | QPDF::makeIndirectObject(QPDFObjectHandle oh) |
| 2152 | 2153 | { |
| 2153 | 2154 | int max_objid = toI(getObjectCount()); |
| 2155 | + if (max_objid == std::numeric_limits<int>::max()) | |
| 2156 | + { | |
| 2157 | + throw std::range_error( | |
| 2158 | + "max object id is too high to create new objects"); | |
| 2159 | + } | |
| 2154 | 2160 | QPDFObjGen next(max_objid + 1, 0); |
| 2155 | 2161 | this->m->obj_cache[next] = |
| 2156 | 2162 | ObjCache(QPDFObjectHandle::ObjAccessor::getObject(oh), -1, -1); | ... | ... |