Fix fuzz issue 16172 (overflow checking in OffsetInputSource)

fuzz/qpdf_extra/16172.fuzz

@@ -0,0 +1 @@
+  ˙%PDF-1.4startxref 9223372036854775805

libqpdf/OffsetInputSource.cc

@@ -1,10 +1,20 @@
 #include <qpdf/OffsetInputSource.hh>
+#include <limits>
+#include <sstream>
+#include <stdexcept>
 
 OffsetInputSource::OffsetInputSource(PointerHolder<InputSource> proxied,
                                      qpdf_offset_t global_offset) :
     proxied(proxied),
     global_offset(global_offset)
 {
+    if (global_offset < 0)
+    {
+        throw std::logic_error(
+            "OffsetInputSource constructed with negative offset");
+    }
+    this->max_safe_offset =
+        std::numeric_limits<qpdf_offset_t>::max() - global_offset;
 }
 
 OffsetInputSource::~OffsetInputSource()
@@ -34,12 +44,25 @@ OffsetInputSource::seek(qpdf_offset_t offset, int whence)
 {
     if (whence == SEEK_SET)
     {
+        if (offset > this->max_safe_offset)
+        {
+            std::ostringstream msg;
+            msg << "seeking to " << offset
+                << " offset by " << global_offset
+                << " would cause an overflow of the offset type";
+            throw std::range_error(msg.str());
+        }
         this->proxied->seek(offset + global_offset, whence);
     }
     else
     {
         this->proxied->seek(offset, whence);
     }
+    if (tell() < 0)
+    {
+        throw std::runtime_error(
+            "offset input source: seek before beginning of file");
+    }
 }
 
 void

libqpdf/qpdf/OffsetInputSource.hh

@@ -24,6 +24,7 @@ class OffsetInputSource: public InputSource
   private:
     PointerHolder<InputSource> proxied;
     qpdf_offset_t global_offset;
+    qpdf_offset_t max_safe_offset;
 };
 
 #endif // QPDF_OFFSETINPUTSOURCE_HH