octoleo
/
qpdf
mirror of https://github.com/qpdf/qpdf.git
2
1
Fork 0
Code Issues Releases Wiki Activity

Fix fuzz issue 15475

This commit is contained in:
Jay Berkenbilt 2019-08-25 21:23:19 -04:00
parent 94e86e2528
commit 6bc4cc3d48
3 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fuzz/lzw_fuzzer_seed_corpus/a19f987b885f5a96069f4bc7f12b9e84ceba7dfa Normal file
View File

@ -0,0 +1 @@
<EFBFBD><EFBFBD>

2
fuzz/qtest/fuzz.test
View File

@ -23,7 +23,7 @@ my @fuzzers = (
['dct' => 1], ['dct' => 1],
['flate' => 1], ['flate' => 1],
['hex' => 1], ['hex' => 1],
['lzw' => 1], ['lzw' => 2],
['pngpredictor' => 1], ['pngpredictor' => 1],
['runlength' => 6], ['runlength' => 6],
['tiffpredictor' => 1], ['tiffpredictor' => 1],

16
libqpdf/Pl_LZWDecoder.cc
View File

@ -107,7 +107,7 @@ Pl_LZWDecoder::getFirstChar(unsigned int code)
unsigned int idx = code - 258; unsigned int idx = code - 258;
if (idx >= table.size()) if (idx >= table.size())
{ {
throw std::logic_error( throw std::runtime_error(
"Pl_LZWDecoder::getFirstChar: table overflow"); "Pl_LZWDecoder::getFirstChar: table overflow");
} }
Buffer& b = table.at(idx); Buffer& b = table.at(idx);
@ -115,7 +115,7 @@ Pl_LZWDecoder::getFirstChar(unsigned int code)
} }
else else
{ {
throw std::logic_error( throw std::runtime_error(
"Pl_LZWDecoder::getFirstChar called with invalid code (" + "Pl_LZWDecoder::getFirstChar called with invalid code (" +
QUtil::int_to_string(code) + ")"); QUtil::int_to_string(code) + ")");
} }
@ -140,7 +140,7 @@ Pl_LZWDecoder::addToTable(unsigned char next)
unsigned int idx = this->last_code - 258; unsigned int idx = this->last_code - 258;
if (idx >= table.size()) if (idx >= table.size())
{ {
throw std::logic_error( throw std::runtime_error(
"Pl_LZWDecoder::addToTable: table overflow"); "Pl_LZWDecoder::addToTable: table overflow");
} }
Buffer& b = table.at(idx); Buffer& b = table.at(idx);
@ -149,7 +149,7 @@ Pl_LZWDecoder::addToTable(unsigned char next)
} }
else else
{ {
throw std::logic_error( throw std::runtime_error(
"Pl_LZWDecoder::addToTable called with invalid code (" + "Pl_LZWDecoder::addToTable called with invalid code (" +
QUtil::int_to_string(this->last_code) + ")"); QUtil::int_to_string(this->last_code) + ")");
} }
@ -239,7 +239,13 @@ Pl_LZWDecoder::handleCode(unsigned int code)
} }
else else
{ {
Buffer& b = table.at(code - 258); unsigned int idx = code - 258;
if (idx >= table.size())
{
throw std::runtime_error(
"Pl_LZWDecoder::handleCode: table overflow");
}
Buffer& b = table.at(idx);
getNext()->write(b.getBuffer(), b.getSize()); getNext()->write(b.getBuffer(), b.getSize());
} }
} }