mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Add sanity check on trailer /Size entry
This commit is contained in:
parent
44a1395194
commit
21f176d374
@ -1057,7 +1057,10 @@ QPDF::Xref_table::process_section(qpdf_offset_t xref_offset)
|
||||
QTC::TC("qpdf", "QPDF trailer size not integer");
|
||||
throw qpdf.damagedPDF("trailer", "/Size key in trailer dictionary is not an integer");
|
||||
}
|
||||
|
||||
if (sz >= static_cast<unsigned int>(max_id_)) {
|
||||
QTC::TC("qpdf", "QPDF trailer size impossibly large");
|
||||
throw qpdf.damagedPDF("trailer", "/Size key in trailer dictionary is impossibly large");
|
||||
}
|
||||
table.resize(sz);
|
||||
}
|
||||
|
||||
|
@ -55,6 +55,7 @@ QPDF invalid xref entry 0
|
||||
QPDF missing trailer 0
|
||||
QPDF trailer lacks size 0
|
||||
QPDF trailer size not integer 0
|
||||
QPDF trailer size impossibly large 0
|
||||
QPDF trailer prev not integer 0
|
||||
QPDFParser bad brace 0
|
||||
QPDFParser bad brace in parseRemainder 0
|
||||
|
19
qpdf/qtest/qpdf/issue-fuzz.out
Normal file
19
qpdf/qtest/qpdf/issue-fuzz.out
Normal file
@ -0,0 +1,19 @@
|
||||
WARNING: issue-fuzz.pdf: can't find PDF header
|
||||
WARNING: issue-fuzz.pdf (xref table, offset 19): accepting invalid xref table entry
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): unknown token while reading object; treating as string
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 53): unexpected >
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 54): unknown token while reading object; treating as string
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 58): unknown token while reading object; treating as string
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 72): unknown token while reading object; treating as string
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): dictionary ended prematurely; using null as value for last key
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): expected dictionary key but found non-name object; inserting key /QPDFFake1
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): expected dictionary key but found non-name object; inserting key /QPDFFake2
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): expected dictionary key but found non-name object; inserting key /QPDFFake3
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): expected dictionary key but found non-name object; inserting key /QPDFFake4
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): expected dictionary key but found non-name object; inserting key /QPDFFake5
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): expected dictionary key but found non-name object; inserting key /QPDFFake6
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 36): expected dictionary key but found non-name object; inserting key /QPDFFake7
|
||||
WARNING: issue-fuzz.pdf: file is damaged
|
||||
WARNING: issue-fuzz.pdf (trailer, offset 32): /Size key in trailer dictionary is impossibly large
|
||||
WARNING: issue-fuzz.pdf: Attempting to reconstruct cross-reference table
|
||||
qpdf: issue-fuzz.pdf: unable to find /Root dictionary
|
BIN
qpdf/qtest/qpdf/issue-fuzz.pdf
Normal file
BIN
qpdf/qtest/qpdf/issue-fuzz.pdf
Normal file
Binary file not shown.
@ -38,6 +38,7 @@ my @bug_tests = (
|
||||
["263", "empty xref stream", 2],
|
||||
["335a", "ozz-fuzz-12152", 2],
|
||||
["335b", "ozz-fuzz-14845", 2],
|
||||
["fuzz", "impossibly large trailer /Size"],
|
||||
# ["fuzz-16214", "stream in object stream", 3, "--preserve-unreferenced"],
|
||||
# When adding to this list, consider adding to CORPUS_FROM_TEST in
|
||||
# fuzz/CMakeLists.txt and updating the count in
|
||||
|
Loading…
Reference in New Issue
Block a user