mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Fix #1170
In QPDF::read_xrefEntry add buffer overflow test for first eol character. Overlong f1 or f2 entries consisting only of zeros could cause a buffer overflow. Add fuzz testcase 69913.
parent
3d569e2171
commit
8ae3ef28ac
@ -119,6 +119,7 @@ set(CORPUS_OTHER
|
|||||||
68668.fuzz
|
68668.fuzz
|
||||||
68915.fuzz
|
68915.fuzz
|
||||||
69857.fuzz
|
69857.fuzz
|
||||||
|
69913.fuzz
|
||||||
)
|
)
|
||||||
|
|
||||||
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
||||||
|
BIN
fuzz/qpdf_extra/69913.fuzz
Normal file
BIN
fuzz/qpdf_extra/69913.fuzz
Normal file
Binary file not shown.
@ -21,7 +21,7 @@ my @fuzzers = (
|
|||||||
['pngpredictor' => 1],
|
['pngpredictor' => 1],
|
||||||
['runlength' => 6],
|
['runlength' => 6],
|
||||||
['tiffpredictor' => 2],
|
['tiffpredictor' => 2],
|
||||||
['qpdf' => 61], # increment when adding new files
|
['qpdf' => 62], # increment when adding new files
|
||||||
);
|
);
|
||||||
|
|
||||||
my $n_tests = 0;
|
my $n_tests = 0;
|
||||||
|
@ -905,9 +905,8 @@ QPDF::read_xrefEntry(qpdf_offset_t& f1, int& f2, char& type)
|
|||||||
if (QUtil::is_space(*p++) && (*p == 'f' || *p == 'n')) {
|
if (QUtil::is_space(*p++) && (*p == 'f' || *p == 'n')) {
|
||||||
// C++20: [[likely]]
|
// C++20: [[likely]]
|
||||||
type = *p;
|
type = *p;
|
||||||
++p;
|
// No test for valid line[19].
|
||||||
++p; // No test for valid line[19].
|
if (*(++p) && *(++p) && (*p == '\n' || *p == '\r') && f1_len == 10 && f2_len == 5) {
|
||||||
if ((*p == '\n' || *p == '\r') && f1_len == 10 && f2_len == 5) {
|
|
||||||
// C++20: [[likely]]
|
// C++20: [[likely]]
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
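Review bot: The new bounds guard in the inner `if` is written as `*(++p) && *(++p) && (*p == '\n' || *p == '\r')`, which hides two pointer advances and the NUL check inside one short-circuit condition, and the comment kept above it, `// No test for valid line[19].`, no longer says which byte goes unvalidated. Only the first `*(++p)` adds protection (the second is already implied by the `'\n'`/`'\r'` comparison and is there for its increment), and it works only if the line buffer is NUL-terminated, which is established outside this hunk and should be confirmed. I would replace the comment with `// Skip the byte after the type; it is checked only for NUL so p cannot pass the terminator, and its value is otherwise not validated.` so that a later edit does not reorder or drop the guard. read_xrefEntry starts and ends outside the hunk.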