mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Further limit size of uncompressed JPEG for fuzzing
Try a limit of 50MB. For very large limits, the processing time before damage is encountered may exceed oss-fuzz limits. Add further test cases.
parent
e914bbbbbc
commit
722148de3d
Binary file not shown.
After Width: | Height: | Size: 28 KiB |
Binary file not shown.
After Width: | Height: | Size: 862 KiB |
@ -13,7 +13,7 @@ my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
|
||||
|
||||
my @fuzzers = (
|
||||
['ascii85' => 1],
|
||||
['dct' => 2],
|
||||
['dct' => 4],
|
||||
['flate' => 1],
|
||||
['hex' => 1],
|
||||
['json' => 40],
|
||||
|
@ -335,10 +335,11 @@ Pl_DCT::decompress(void* cinfo_p, Buffer* b)
|
||||
(void)jpeg_calc_output_dimensions(cinfo);
|
||||
unsigned int width = cinfo->output_width * QIntC::to_uint(cinfo->output_components);
|
||||
if (memory_limit > 0 &&
|
||||
width > (static_cast<unsigned long>(memory_limit) / (2U * cinfo->output_height))) {
|
||||
// Even if jpeglib does not run out of memory, qpdf will while buffering thye data before
|
||||
// writing it.
|
||||
throw std::runtime_error("Pl_DCT::decompress: JPEG data exceeds memory limit");
|
||||
width > (static_cast<unsigned long>(memory_limit) / (20U * cinfo->output_height))) {
|
||||
// Even if jpeglib does not run out of memory, qpdf will while buffering the data before
|
||||
// writing it. Furthermore, for very large images runtime can be significant before the
|
||||
// first warning is encountered causing a timeout in oss-fuzz.
|
||||
throw std::runtime_error("Pl_DCT::decompress: JPEG data large - may be too slow");
|
||||
}
|
||||
JSAMPARRAY buffer =
|
||||
(*cinfo->mem->alloc_sarray)(reinterpret_cast<j_common_ptr>(cinfo), JPOOL_IMAGE, width, 1);
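Review bot: The divisor `20U` in the new size check is an unexplained magic number, and it ties a fuzzing-timeout concern to `memory_limit`: any caller that sets a memory limit now has JPEGs rejected once the decoded size passes one twentieth of that limit, with an error text that no longer mentions the limit. Whether `memory_limit` is ever set outside the fuzzers is not visible here, but if it is, a named bound would keep the two concerns apart, e.g. `static constexpr unsigned int dct_limit_divisor = 20U; // decoded size capped at memory_limit / 20 so oss-fuzz runs stay under the timeout`. The check also divides by `20U * cinfo->output_height` with no guard for a zero height; libjpeg normally rejects empty images before this point, so this is presumably unreachable, but adding `cinfo->output_height > 0 &&` to the condition would make that explicit. The body of Pl_DCT::decompress starts and ends outside the hunk.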
|
||||
|
@ -99,7 +99,7 @@ QPDF::getAllPagesInternal(
|
||||
for (int i = 0; i < n; ++i) {
|
||||
auto kid = kids.getArrayItem(i);
|
||||
if (!kid.isDictionary()) {
|
||||
kid.warnIfPossible("Pages tree includes non-dictionary object; removing");
|
||||
kid.warnIfPossible("Pages tree includes non-dictionary object; ignoring");
|
||||
continue;
|
||||
}
|
||||
if (kid.hasKey("/Kids")) {
|
||||
|