Fix fuzz issue 16172 (overflow checking in OffsetInputSource)
parent
ad8081daf5
commit
456c285b02
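--- a/fuzz/qpdf_extra/16172.fuzz
+++ b/fuzz/qpdf_extra/16172.fuzz
@@ -0,0 +1 @@
+˙%PDF-1.4startxref 9223372036854775805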
@ -1,10 +1,20 @@
|
||||
#include <qpdf/OffsetInputSource.hh>
|
||||
#include <limits>
|
||||
#include <sstream>
|
||||
#include <stdexcept>
|
||||
|
||||
OffsetInputSource::OffsetInputSource(PointerHolder<InputSource> proxied,
|
||||
qpdf_offset_t global_offset) :
|
||||
proxied(proxied),
|
||||
global_offset(global_offset)
|
||||
{
|
||||
if (global_offset < 0)
|
||||
{
|
||||
throw std::logic_error(
|
||||
"OffsetInputSource constructed with negative offset");
|
||||
}
|
||||
this->max_safe_offset =
|
||||
std::numeric_limits<qpdf_offset_t>::max() - global_offset;
|
||||
}
|
||||
|
||||
OffsetInputSource::~OffsetInputSource()
|
||||
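Review bot: The assignment to `max_safe_offset` in the constructor body is only safe because it runs after the `global_offset < 0` check, since `max() - global_offset` would itself overflow for a negative value, and nothing in the code records that ordering. A comment such as `// computed only after rejecting negative offsets, so max() - global_offset cannot overflow` would keep a later cleanup from moving it into the initializer list. The new `max_safe_offset` member in the header hunk is also undocumented; `// largest SEEK_SET offset for which offset + global_offset still fits in qpdf_offset_t` would state the invariant that the check in `seek` depends on.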
@ -34,12 +44,25 @@ OffsetInputSource::seek(qpdf_offset_t offset, int whence)
|
||||
{
|
||||
if (whence == SEEK_SET)
|
||||
{
|
||||
if (offset > this->max_safe_offset)
|
||||
{
|
||||
std::ostringstream msg;
|
||||
msg << "seeking to " << offset
|
||||
<< " offset by " << global_offset
|
||||
<< " would cause an overflow of the offset type";
|
||||
throw std::range_error(msg.str());
|
||||
}
|
||||
this->proxied->seek(offset + global_offset, whence);
|
||||
}
|
||||
else
|
||||
{
|
||||
this->proxied->seek(offset, whence);
|
||||
}
|
||||
if (tell() < 0)
|
||||
{
|
||||
throw std::runtime_error(
|
||||
"offset input source: seek before beginning of file");
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
|
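Review bot: Only the `SEEK_SET` branch of `seek` is guarded; the `else` branch still forwards `offset` unchanged through `this->proxied->seek(offset, whence)`, so a large relative offset is bounded only by whatever the proxied source does, which is not visible in this hunk. If the proxied sources do not check their own position arithmetic, the same class of overflow may remain reachable through relative seeks; at minimum a comment like `// relative seeks: overflow handling is delegated to the proxied source` would record the assumption. A small unit test seeking to `max_safe_offset` and to one past it would pin the `>` comparison alongside the fuzz input. The signature of `seek` lies above the hunk, so the note covers only the body shown.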
@ -24,6 +24,7 @@ class OffsetInputSource: public InputSource
|
||||
private:
|
||||
PointerHolder<InputSource> proxied;
|
||||
qpdf_offset_t global_offset;
|
||||
qpdf_offset_t max_safe_offset;
|
||||
};
|
||||
|
||||
#endif // QPDF_OFFSETINPUTSOURCE_HH
|
||||
|