Commit dadf8307c83706c3b097bc4b1fe7b24defbebb8e
1 parent
456c285b
Fix fuzz issues 15316 and 15390
Showing
3 changed files
with
9 additions
and
0 deletions
fuzz/qpdf_extra/15316.fuzz
0 → 100644
fuzz/qpdf_extra/15390.fuzz
0 → 100644
No preview for this file type
libqpdf/QPDF.cc
| @@ -4,6 +4,7 @@ | @@ -4,6 +4,7 @@ | ||
| 4 | #include <vector> | 4 | #include <vector> |
| 5 | #include <map> | 5 | #include <map> |
| 6 | #include <algorithm> | 6 | #include <algorithm> |
| 7 | +#include <limits> | ||
| 7 | #include <stdlib.h> | 8 | #include <stdlib.h> |
| 8 | #include <string.h> | 9 | #include <string.h> |
| 9 | #include <memory.h> | 10 | #include <memory.h> |
| @@ -2151,6 +2152,11 @@ QPDFObjectHandle | @@ -2151,6 +2152,11 @@ QPDFObjectHandle | ||
| 2151 | QPDF::makeIndirectObject(QPDFObjectHandle oh) | 2152 | QPDF::makeIndirectObject(QPDFObjectHandle oh) |
| 2152 | { | 2153 | { |
| 2153 | int max_objid = toI(getObjectCount()); | 2154 | int max_objid = toI(getObjectCount()); |
| 2155 | + if (max_objid == std::numeric_limits<int>::max()) | ||
| 2156 | + { | ||
| 2157 | + throw std::range_error( | ||
| 2158 | + "max object id is too high to create new objects"); | ||
| 2159 | + } | ||
| 2154 | QPDFObjGen next(max_objid + 1, 0); | 2160 | QPDFObjGen next(max_objid + 1, 0); |
| 2155 | this->m->obj_cache[next] = | 2161 | this->m->obj_cache[next] = |
| 2156 | ObjCache(QPDFObjectHandle::ObjAccessor::getObject(oh), -1, -1); | 2162 | ObjCache(QPDFObjectHandle::ObjAccessor::getObject(oh), -1, -1); |