Commit dc92574c10f3e2516ec6445b88c5d584f40df4e5
1 parent
a9bdeeb0
Fix some pipelines to be safe if downstream write fails (fuzz issue 28262)
Showing
6 changed files
with
17 additions
and
6 deletions
ChangeLog
| 1 | +2021-01-04 Jay Berkenbilt <ejb@ql.org> | |
| 2 | + | |
| 3 | + * Move getNext()->write() calls in some pipelines to ensure that | |
| 4 | + state gates properly reset even if the next pipeline's write | |
| 5 | + throws an exception (fuzz issue 28262). | |
| 6 | + | |
| 1 | 7 | 2021-01-03 Jay Berkenbilt <ejb@ql.org> |
| 2 | 8 | |
| 3 | 9 | * Don't include -o nospace with zsh completion setup so file | ... | ... |
fuzz/qpdf_extra/28262.fuzz
0 → 100644
No preview for this file type
libqpdf/Pl_AES_PDF.cc
libqpdf/Pl_ASCII85Decoder.cc
| ... | ... | @@ -119,10 +119,13 @@ Pl_ASCII85Decoder::flush() |
| 119 | 119 | |
| 120 | 120 | QTC::TC("libtests", "Pl_ASCII85Decoder partial flush", |
| 121 | 121 | (this->pos == 5) ? 0 : 1); |
| 122 | - getNext()->write(outbuf, this->pos - 1); | |
| 123 | - | |
| 122 | + // Reset before calling getNext()->write in case that throws an | |
| 123 | + // exception. | |
| 124 | + auto t = this->pos - 1; | |
| 124 | 125 | this->pos = 0; |
| 125 | 126 | memset(this->inbuf, 117, 5); |
| 127 | + | |
| 128 | + getNext()->write(outbuf, t); | |
| 126 | 129 | } |
| 127 | 130 | |
| 128 | 131 | void | ... | ... |
libqpdf/Pl_ASCIIHexDecoder.cc
| ... | ... | @@ -97,12 +97,14 @@ Pl_ASCIIHexDecoder::flush() |
| 97 | 97 | |
| 98 | 98 | QTC::TC("libtests", "Pl_ASCIIHexDecoder partial flush", |
| 99 | 99 | (this->pos == 2) ? 0 : 1); |
| 100 | - getNext()->write(&ch, 1); | |
| 101 | - | |
| 100 | + // Reset before calling getNext()->write in case that throws an | |
| 101 | + // exception. | |
| 102 | 102 | this->pos = 0; |
| 103 | 103 | this->inbuf[0] = '0'; |
| 104 | 104 | this->inbuf[1] = '0'; |
| 105 | 105 | this->inbuf[2] = '\0'; |
| 106 | + | |
| 107 | + getNext()->write(&ch, 1); | |
| 106 | 108 | } |
| 107 | 109 | |
| 108 | 110 | void | ... | ... |
libqpdf/Pl_Count.cc