mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 10:58:58 +00:00

Merge pull request #1285 from m-holger/fuzz

Adjust fuzzer Pl_Flate memory limits
m-holger 2024-09-18 00:56:25 +01:00 committed by GitHub
commit 4b245364ca
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
10 changed files with 10 additions and 16 deletions


@ -141,6 +141,7 @@ set(CORPUS_OTHER
70306a.fuzz
70306b.fuzz
71624.fuzz
71689.fuzz
)
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)


@ -109,7 +109,7 @@ FuzzHelper::doChecks()
Pl_PNGFilter::setMemoryLimit(1'000'000);
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(200'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
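Review bot: The Pl_Flate limit in doChecks() is a bare literal with no comment saying why it differs from the 1'000'000 kept for Pl_PNGFilter and Pl_TIFFPredictor, and the same line is repeated in the five other FuzzHelper::doChecks() hunks on this page. A one-line comment above the call, such as `// Cap inflated output per stream; lower than the predictor limits to bound fuzzer memory use`, would record the intent; the wording needs the author's confirmation because the rationale is not visible here. Since every harness has to be edited in step, one shared constant in a common fuzz header (a name such as `fuzz_flate_memory_limit`) would keep the harnesses from drifting apart. doChecks() starts and ends outside the hunk.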


@ -109,7 +109,7 @@ FuzzHelper::doChecks()
Pl_PNGFilter::setMemoryLimit(1'000'000);
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(200'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.

BIN
fuzz/qpdf_extra/71689.fuzz Normal file

Binary file not shown.


@ -93,13 +93,6 @@ FuzzHelper::testWrite()
w->setDeterministicID(true);
w->setQDFMode(true);
doWrite(w);
q = getQpdf();
w = getWriter(q);
w->setStaticID(true);
w->setLinearization(true);
w->setR6EncryptionParameters("u", "o", true, true, true, true, true, true, qpdf_r3p_full, true);
doWrite(w);
}
void
@ -114,7 +107,7 @@ FuzzHelper::doChecks()
Pl_PNGFilter::setMemoryLimit(1'000'000);
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(200'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.


@ -108,7 +108,7 @@ FuzzHelper::doChecks()
Pl_PNGFilter::setMemoryLimit(1'000'000);
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(200'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.


@ -85,7 +85,7 @@ FuzzHelper::doChecks()
Pl_PNGFilter::setMemoryLimit(1'000'000);
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(200'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.


@ -106,7 +106,7 @@ FuzzHelper::doChecks()
Pl_PNGFilter::setMemoryLimit(1'000'000);
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(200'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.


@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
my $n_qpdf_files = 78; # increment when adding new files
my $n_qpdf_files = 79; # increment when adding new files
my @fuzzers = (
['ascii85' => 1],


@ -181,7 +181,7 @@ Pl_Flate::handleData(unsigned char const* data, size_t len, int flush)
}
uLong ready = QIntC::to_ulong(m->out_bufsize - zstream.avail_out);
if (ready > 0) {
if (memory_limit) {
if (memory_limit && m->action != a_deflate) {
m->written += ready;
if (m->written > memory_limit) {
throw std::runtime_error("PL_Flate memory limit exceeded");
@ -205,7 +205,7 @@ void
Pl_Flate::finish()
{
if (m->written > memory_limit) {
return;
throw std::runtime_error("PL_Flate memory limit exceeded");
}
try {
if (m->outbuf.get()) {
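Review bot: The guard at the top of Pl_Flate::finish() tests `m->written > memory_limit` without the `memory_limit &&` and `m->action != a_deflate` conditions that handleData() uses, so it is correct only while m->written stays zero whenever the limit is disabled. The limit appears to be set through a static setter, so changing it between handleData() and finish() could make this throw on a stream that never exceeded its limit; `if (memory_limit && m->written > memory_limit) {` states the intent directly. The throw also sits before the `try` block, so whatever cleanup that block performs (it continues outside the hunk) is skipped, and a caller that invokes finish() after handleData() has already thrown would see a second exception; it is worth confirming that no destructor path reaches finish(). The message spells the class `PL_Flate` where the class name is `Pl_Flate`.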