octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2024-11-09 14:50:58 +00:00
Code Issues Releases Wiki Activity

Reduce Pl_DCT and Pl_Flate memory limits during fuzzing

Browse Source 
Also, add additional qpdf_fuzzer test case.
This commit is contained in:
m-holger 2024-08-03 10:57:21 +01:00
parent 99f3a7b5a3
commit 5edb548148
5 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fuzz/CMakeLists.txt
View File

@ -100,6 +100,7 @@ set(CORPUS_OTHER
16953.fuzz 16953.fuzz
17630.fuzz 17630.fuzz
17630a.fuzz 17630a.fuzz
17630b.fuzz
18241.fuzz 18241.fuzz
18247.fuzz 18247.fuzz
23172.fuzz 23172.fuzz

2
fuzz/dct_fuzzer.cc
View File

@ -30,7 +30,7 @@ FuzzHelper::doChecks()
// fuzzing is due to corrupt JPEG data which sometimes cannot be detected before // fuzzing is due to corrupt JPEG data which sometimes cannot be detected before
// jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally // jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally
// occur legitimately and therefore must be allowed during normal operations. // occur legitimately and therefore must be allowed during normal operations.
Pl_DCT::setMemoryLimit(1'000'000'000); Pl_DCT::setMemoryLimit(200'000'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without // Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf. // exercising additional code paths in qpdf.

BIN
fuzz/qpdf_extra/17630b.fuzz Normal file
View File

Binary file not shown.

4
fuzz/qpdf_fuzzer.cc
View File

@ -180,11 +180,11 @@ FuzzHelper::doChecks()
// fuzzing is due to corrupt JPEG data which sometimes cannot be detected before // fuzzing is due to corrupt JPEG data which sometimes cannot be detected before
// jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally // jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally
// occur legitimately and therefore must be allowed during normal operations. // occur legitimately and therefore must be allowed during normal operations.
Pl_DCT::setMemoryLimit(1'000'000'000); Pl_DCT::setMemoryLimit(100'000'000);
Pl_PNGFilter::setMemoryLimit(1'000'000); Pl_PNGFilter::setMemoryLimit(1'000'000);
Pl_TIFFPredictor::setMemoryLimit(1'000'000); Pl_TIFFPredictor::setMemoryLimit(1'000'000);
Pl_Flate::setMemoryLimit(10'000'000); Pl_Flate::setMemoryLimit(1'000'000);
// Do not decompress corrupt data. This may cause extended runtime within jpeglib without // Do not decompress corrupt data. This may cause extended runtime within jpeglib without
// exercising additional code paths in qpdf, and potentially causing counterproductive timeouts. // exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.

2
fuzz/qtest/fuzz.test
View File

@ -21,7 +21,7 @@ my @fuzzers = (
['pngpredictor' => 1], ['pngpredictor' => 1],
['runlength' => 6], ['runlength' => 6],
['tiffpredictor' => 2], ['tiffpredictor' => 2],
['qpdf' => 73], # increment when adding new files ['qpdf' => 74], # increment when adding new files
); );
my $n_tests = 0; my $n_tests = 0;