-
Reject non-dictionary Page and Pages objects. Also add additional qpdf_fuzzer test cases.
-
Add test case for oss-fuzz 15471 and 69977a
-
Fixes oss-fuzz 70055
-
Add extra fuzz test case and amend memory limit for Pl_DCT.
-
Also, add diagnostic messages in qpdf_fuzzer and additional fuzz test case.
-
In QPDF::read_xrefEntry add buffer overflow test for first eol character. Overlong f1 or f2 entries consisting only of zeros could cause a buffer overflow. Add fuzz testcase 69913.
-
Also add new fuzz test case.
-
Code failed to allow for QPDF::getCompressibleObjSet deleting objects from the object cache in case of multiple entries for the same object id. Add fuzz test case 68668.
-
Add fuzz case 68377.
-
Fix two errors introduced in #1110 and #1112. Since #1110, encountering the invalid indirect reference #1110 -2147483648 n R produces an integer underflow which, if undetected, immediately trigger a logic error. Since #1112, object -1 0 R may be incorrectly identified as an earlier generation of itself and deleted, invalidating a live iterator.
-
It is possible to reproduce the failure with this file following the instructions with oss-fuzz, though it does not cause a failure in CI. The failure was introduced in 18c1ffe0df335a46cddbeb96e2cb939d850df9fa.
-
Ordinarily the trailer doesn't contain any strings, so this is usually a non-issue, but if the trailer contains strings, linearizing and encrypting with object streams would include encrypted strings in the trailer, which would blow out the padding because encrypted strings are longer than their cleartext counterparts.