mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 10:58:58 +00:00
Fix #1170
In QPDF::read_xrefEntry add buffer overflow test for first eol character. Overlong f1 or f2 entries consisting only of zeros could cause a buffer overflow. Add fuzz testcase 69913.
This commit is contained in:
parent
3d569e2171
commit
8ae3ef28ac
@ -119,6 +119,7 @@ set(CORPUS_OTHER
|
||||
68668.fuzz
|
||||
68915.fuzz
|
||||
69857.fuzz
|
||||
69913.fuzz
|
||||
)
|
||||
|
||||
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
||||
|
BIN
fuzz/qpdf_extra/69913.fuzz
Normal file
BIN
fuzz/qpdf_extra/69913.fuzz
Normal file
Binary file not shown.
@ -21,7 +21,7 @@ my @fuzzers = (
|
||||
['pngpredictor' => 1],
|
||||
['runlength' => 6],
|
||||
['tiffpredictor' => 2],
|
||||
['qpdf' => 61], # increment when adding new files
|
||||
['qpdf' => 62], # increment when adding new files
|
||||
);
|
||||
|
||||
my $n_tests = 0;
|
||||
|
@ -905,9 +905,8 @@ QPDF::read_xrefEntry(qpdf_offset_t& f1, int& f2, char& type)
|
||||
if (QUtil::is_space(*p++) && (*p == 'f' || *p == 'n')) {
|
||||
// C++20: [[likely]]
|
||||
type = *p;
|
||||
++p;
|
||||
++p; // No test for valid line[19].
|
||||
if ((*p == '\n' || *p == '\r') && f1_len == 10 && f2_len == 5) {
|
||||
// No test for valid line[19].
|
||||
if (*(++p) && *(++p) && (*p == '\n' || *p == '\r') && f1_len == 10 && f2_len == 5) {
|
||||
// C++20: [[likely]]
|
||||
return true;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user