Apply fuzzer Pl_Flate memory limit only when inflating

Fixes fuzz issue 71689.

Apply fuzzer Pl_Flate memory limit only when inflating
Fixes fuzz issue 71689.
m-holger
1 parent bcf56e53
Showing 5 changed files with 4 additions and 10 deletions
fuzz/CMakeLists.txt
fuzz/qpdf_extra/71689.fuzz
fuzz/qpdf_fuzzer.cc
fuzz/qtest/fuzz.test
libqpdf/Pl_Flate.cc
@@ -141,6 +141,7 @@ set(CORPUS_OTHER
   70306a.fuzz
   70306b.fuzz
   71624.fuzz
+  71689.fuzz
 )
  
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
@@ -93,13 +93,6 @@ FuzzHelper::testWrite()
     w->setDeterministicID(true);
     w->setQDFMode(true);
     doWrite(w);
-
-    q = getQpdf();
-    w = getWriter(q);
-    w->setStaticID(true);
-    w->setLinearization(true);
-    w->setR6EncryptionParameters("u", "o", true, true, true, true, true, true, qpdf_r3p_full, true);
-    doWrite(w);
 }
  
 void
@@ -11,7 +11,7 @@ my $td = new TestDriver(&#39;fuzz&#39;);
  
 my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
  
-my $n_qpdf_files = 78;       # increment when adding new files
+my $n_qpdf_files = 79;       # increment when adding new files
  
 my @fuzzers = (
     ['ascii85' => 1],
@@ -181,7 +181,7 @@ Pl_Flate::handleData(unsigned char const* data, size_t len, int flush)
                 }
                 uLong ready = QIntC::to_ulong(m->out_bufsize - zstream.avail_out);
                 if (ready > 0) {
-                    if (memory_limit) {
+                    if (memory_limit && m->action != a_deflate) {
                         m->written += ready;
                         if (m->written > memory_limit) {
                             throw std::runtime_error("PL_Flate memory limit exceeded");
@@ -205,7 +205,7 @@ void
 Pl_Flate::finish()
 {
     if (m->written > memory_limit) {
-        return;
+        throw std::runtime_error("PL_Flate memory limit exceeded");
     }
     try {
         if (m->outbuf.get()) {