octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-02 22:50:20 +00:00
Code Issues Releases Wiki Activity

Merge pull request #1237 from m-holger/fuzz

Browse Source 
Add extra sanity check on pages tree
This commit is contained in:
m-holger 2024-07-11 01:02:27 +01:00 committed by GitHub
commit 205bd6fb61
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fuzz/CMakeLists.txt
View File

@ -124,7 +124,10 @@ set(CORPUS_OTHER
69969.fuzz 69969.fuzz
69977.fuzz 69977.fuzz
69977a.fuzz 69977a.fuzz
69977b.fuzz
69977c.fuzz
70055.fuzz 70055.fuzz
4599089157701632.fuzz
) )
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus) set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)

BIN
fuzz/qpdf_extra/4599089157701632.fuzz Normal file
View File

Binary file not shown.

BIN
fuzz/qpdf_extra/69977b.fuzz Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
fuzz/qpdf_extra/69977c.fuzz Normal file
View File

Binary file not shown.

2
fuzz/qtest/fuzz.test
View File

@ -21,7 +21,7 @@ my @fuzzers = (
['pngpredictor' => 1], ['pngpredictor' => 1],
['runlength' => 6], ['runlength' => 6],
['tiffpredictor' => 2], ['tiffpredictor' => 2],
['qpdf' => 67], # increment when adding new files ['qpdf' => 70], # increment when adding new files
); );
my $n_tests = 0; my $n_tests = 0;

4
libqpdf/QPDF_pages.cc
View File

@ -98,6 +98,10 @@ QPDF::getAllPagesInternal(
int n = kids.getArrayNItems(); int n = kids.getArrayNItems();
for (int i = 0; i < n; ++i) { for (int i = 0; i < n; ++i) {
auto kid = kids.getArrayItem(i); auto kid = kids.getArrayItem(i);
if (!kid.isDictionary()) {
kid.warnIfPossible("Pages tree includes non-dictionary object; removing");
continue;
}
if (kid.hasKey("/Kids")) { if (kid.hasKey("/Kids")) {
getAllPagesInternal(kid, visited, seen, media_box); getAllPagesInternal(kid, visited, seen, media_box);
} else { } else {