mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Merge pull request #1285 from m-holger/fuzz
Adjust fuzzer Pl_Flate memory limits
This commit is contained in:
commit
4b245364ca
@ -141,6 +141,7 @@ set(CORPUS_OTHER
|
||||
70306a.fuzz
|
||||
70306b.fuzz
|
||||
71624.fuzz
|
||||
71689.fuzz
|
||||
)
|
||||
|
||||
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
||||
|
@ -109,7 +109,7 @@ FuzzHelper::doChecks()
|
||||
|
||||
Pl_PNGFilter::setMemoryLimit(1'000'000);
|
||||
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(200'000);
|
||||
|
||||
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
|
||||
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
|
||||
|
@ -109,7 +109,7 @@ FuzzHelper::doChecks()
|
||||
|
||||
Pl_PNGFilter::setMemoryLimit(1'000'000);
|
||||
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(200'000);
|
||||
|
||||
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
|
||||
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
|
||||
|
BIN
fuzz/qpdf_extra/71689.fuzz
Normal file
BIN
fuzz/qpdf_extra/71689.fuzz
Normal file
Binary file not shown.
@ -93,13 +93,6 @@ FuzzHelper::testWrite()
|
||||
w->setDeterministicID(true);
|
||||
w->setQDFMode(true);
|
||||
doWrite(w);
|
||||
|
||||
q = getQpdf();
|
||||
w = getWriter(q);
|
||||
w->setStaticID(true);
|
||||
w->setLinearization(true);
|
||||
w->setR6EncryptionParameters("u", "o", true, true, true, true, true, true, qpdf_r3p_full, true);
|
||||
doWrite(w);
|
||||
}
|
||||
|
||||
void
|
||||
@ -114,7 +107,7 @@ FuzzHelper::doChecks()
|
||||
|
||||
Pl_PNGFilter::setMemoryLimit(1'000'000);
|
||||
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(200'000);
|
||||
|
||||
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
|
||||
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
|
||||
|
@ -108,7 +108,7 @@ FuzzHelper::doChecks()
|
||||
|
||||
Pl_PNGFilter::setMemoryLimit(1'000'000);
|
||||
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(200'000);
|
||||
|
||||
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
|
||||
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
|
||||
|
@ -85,7 +85,7 @@ FuzzHelper::doChecks()
|
||||
|
||||
Pl_PNGFilter::setMemoryLimit(1'000'000);
|
||||
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(200'000);
|
||||
|
||||
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
|
||||
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
|
||||
|
@ -106,7 +106,7 @@ FuzzHelper::doChecks()
|
||||
|
||||
Pl_PNGFilter::setMemoryLimit(1'000'000);
|
||||
Pl_TIFFPredictor::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(1'000'000);
|
||||
Pl_Flate::setMemoryLimit(200'000);
|
||||
|
||||
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without
|
||||
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
|
||||
|
@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
|
||||
|
||||
my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
|
||||
|
||||
my $n_qpdf_files = 78; # increment when adding new files
|
||||
my $n_qpdf_files = 79; # increment when adding new files
|
||||
|
||||
my @fuzzers = (
|
||||
['ascii85' => 1],
|
||||
|
@ -181,7 +181,7 @@ Pl_Flate::handleData(unsigned char const* data, size_t len, int flush)
|
||||
}
|
||||
uLong ready = QIntC::to_ulong(m->out_bufsize - zstream.avail_out);
|
||||
if (ready > 0) {
|
||||
if (memory_limit) {
|
||||
if (memory_limit && m->action != a_deflate) {
|
||||
m->written += ready;
|
||||
if (m->written > memory_limit) {
|
||||
throw std::runtime_error("PL_Flate memory limit exceeded");
|
||||
@ -205,7 +205,7 @@ void
|
||||
Pl_Flate::finish()
|
||||
{
|
||||
if (m->written > memory_limit) {
|
||||
return;
|
||||
throw std::runtime_error("PL_Flate memory limit exceeded");
|
||||
}
|
||||
try {
|
||||
if (m->outbuf.get()) {
|
||||
|
Loading…
Reference in New Issue
Block a user