OpenSystemsDevelopment / qpdf

Reject objects containing arrays or dictionaries with more than 5000
elements. We are by definition dealing with damaged files, and such
objects are extremely likely to be invalid or malicious.

In QPDF::getAllPagesInternal include the /Kids array in the visited set
for loop detection.

Fixes oss-fuzz issue 411312393

Adjusting for under/overflow by repeated incrementing/decrementing can
cause excessive runtime with invalid BBox coordinates.

Fixes oss-fuzz issue 409905355.

#1349 introduced a limit on the maximum size of arrays and dictionaries
contained in objects that generate errors during parsing, and #1354
reduced that limit to 5000 objects. However, the limit was only imposed
once a further error was encountered.

Stop adding objects to containers once the limit is reached.

Fixes oss-fuzz issue 398060137

If a flate memory limit is set, reject decode parameters that would cause
the limit to be exceeded and treat stream as unfilterable.

Fixes oss-fuzz issue 394463491

Fail if a bad token is encountered while parsing an array or dictionary
with more than 100,000 elements.

Fixes oss-fuzz case 388571629.

Fixes oss-fuzz case 394129398.

Issue arose from chaining multiple runlength filters and inflating a
compressed stream of ~100 bytes to several gigabytes.

There is no obvious fix without imposing an arbitrary implementation limit
and therefore potentially excluding valid PDF files.

Check for direct outline items.

Fixes oss-fuzz case 	389339260.

Fixes oss-fuzz cases 376305073, 389974979 and 391974927.

This reverts commit 0e92cf6bf399249c603c3d0212e898fd29e71fcd, reversing
changes made to 7d34b89a69e8e89c098dd373442f7df809c28eff.

Tokens longer than the target cannot be a match and therefore there is no
need to read to the end of token.

Fixes fuzz issue 71689.

Ensure QPDF m->all_pages and invalid_page_found are reset if
getAllPagesInternal throws an exception.

Fixes fuzz case 71624.

Buffer output locally.
Add qpdf_fuzzer test case.

Also, add additional qpdf_fuzzer test case.

Reject non-dictionary Page and Pages objects.

Also add additional qpdf_fuzzer test cases.

Add test case for oss-fuzz 15471 and 69977a

Fixes oss-fuzz 70055

Add extra fuzz test case and amend memory limit for Pl_DCT.

Also, add diagnostic messages in qpdf_fuzzer and additional fuzz test case.

In QPDF::read_xrefEntry add buffer overflow test for first eol character.
Overlong f1 or f2 entries consisting only of zeros could cause a buffer
overflow.

Add fuzz testcase 69913.

Also add new fuzz test case.

Code failed to allow for QPDF::getCompressibleObjSet deleting objects
from the object cache in case of multiple entries for the same object id.

Add fuzz test case 68668.

Add fuzz case 68377.

...as well as some cases generated in CI from earlier attempts at
fixing this.

Fix two errors introduced in #1110 and #1112. Since
#1110, encountering the invalid indirect reference #1110
-2147483648 n R produces an integer underflow which, if
 undetected, immediately trigger a logic error. Since
 #1112, object -1 0 R may be incorrectly identified as
 an earlier generation of itself and deleted,
 invalidating a live iterator.

It is possible to reproduce the failure with this file following the
instructions with oss-fuzz, though it does not cause a failure in CI.

The failure was introduced in
18c1ffe0df335a46cddbeb96e2cb939d850df9fa.