mirror of https://github.com/qpdf/qpdf.git synced 2024-12-31 14:01:59 +00:00

Merge pull request #1288 from m-holger/fuzz

In QPDFParser add a limit on total number of errors in one object
m-holger 2024-09-19 23:58:26 +01:00 committed by GitHub
commit 7d34b89a69
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 11 additions and 8 deletions


@ -469,13 +469,14 @@ QPDFParser::fixMissingKeys()
bool bool
QPDFParser::tooManyBadTokens() QPDFParser::tooManyBadTokens()
{ {
if (good_count <= 4) { if (--max_bad_count > 0 && good_count > 4) {
if (++bad_count > 5) { good_count = 0;
warn("too many errors; giving up on reading object");
return true;
}
} else {
bad_count = 1; bad_count = 1;
return false;
}
if (++bad_count > 5) {
warn("too many errors; giving up on reading object");
return true;
} }
good_count = 0; good_count = 0;
return false; return false;
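Review bot: In the new tooManyBadTokens(), exhausting `max_bad_count` does not return true by itself; it only disables the `good_count > 4` reset, so parsing stops only once `++bad_count > 5` trips on a later call. The work spent on a malformed object is still bounded, but the cutoff lands a few bad tokens after the budget is spent, so the member comment in the header hunk ("Number of bad tokens (remaining) before giving up.") would be more exact as `// Remaining budget of bad tokens; once spent, runs of good tokens no longer reset bad_count.` The bare `4` and `5` thresholds could become named constants beside the new member so that the three limits are tuned together. Since this limit bounds parsing of untrusted input, a regression test that alternates bad tokens with runs of good ones would pin the cutoff; none is visible on this page.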


@ -83,9 +83,11 @@ class QPDFParser
std::vector<StackFrame> stack; std::vector<StackFrame> stack;
StackFrame* frame; StackFrame* frame;
// Number of recent bad tokens. // Number of recent bad tokens.
int bad_count = 0; int bad_count{0};
// Number of bad tokens (remaining) before giving up.
int max_bad_count{15};
// Number of good tokens since last bad token. Irrelevant if bad_count == 0. // Number of good tokens since last bad token. Irrelevant if bad_count == 0.
int good_count = 0; int good_count{0};
// Start offset including any leading whitespace. // Start offset including any leading whitespace.
qpdf_offset_t start; qpdf_offset_t start;
// Number of successive integer tokens. // Number of successive integer tokens.
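Review bot: `max_bad_count` is initialised once per QPDFParser and nothing in the lines shown resets it, so the "in one object" scope from the title holds only if a parser instance is created for each object. That is presumably the case but is not visible in this hunk; if it holds, a comment such as `// Per-parser budget; never reset.` would record the assumption for the next maintainer. The literal `15` would also read better as a named constant, so the limit can be found and adjusted without reading tooManyBadTokens(). The class body continues outside the hunk.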