mirror of
https://github.com/qpdf/qpdf.git
synced 2024-05-31 01:10:51 +00:00
Fix two additional fuzz test cases
parent
c590dbc38e
commit
9094fb1f8e
BIN
fuzz/qpdf_extra/18241.fuzz
Normal file
BIN
fuzz/qpdf_extra/18241.fuzz
Normal file
Binary file not shown.
BIN
fuzz/qpdf_extra/18247.fuzz
Normal file
BIN
fuzz/qpdf_extra/18247.fuzz
Normal file
Binary file not shown.
|
@ -688,7 +688,7 @@ QPDF::read_xref(qpdf_offset_t xref_offset)
|
||||||
{
|
{
|
||||||
max_obj = std::max(max_obj, *(this->m->deleted_objects.rbegin()));
|
max_obj = std::max(max_obj, *(this->m->deleted_objects.rbegin()));
|
||||||
}
|
}
|
||||||
if (size - 1 != max_obj)
|
if ((size < 1) || (size - 1 != max_obj))
|
||||||
{
|
{
|
||||||
QTC::TC("qpdf", "QPDF xref size mismatch");
|
QTC::TC("qpdf", "QPDF xref size mismatch");
|
||||||
warn(QPDFExc(qpdf_e_damaged_pdf, this->m->file->getName(), "", 0,
|
warn(QPDFExc(qpdf_e_damaged_pdf, this->m->file->getName(), "", 0,
|
||||||
|
@ -1206,7 +1206,8 @@ QPDF::processXRefStream(qpdf_offset_t xref_offset, QPDFObjectHandle& xref_obj)
|
||||||
// an uncompressed object record, in which case the generation
|
// an uncompressed object record, in which case the generation
|
||||||
// number appears as the third field.
|
// number appears as the third field.
|
||||||
int obj = toI(indx.at(cur_chunk));
|
int obj = toI(indx.at(cur_chunk));
|
||||||
if ((std::numeric_limits<int>::max() - obj) < chunk_count)
|
if ((obj < 0) ||
|
||||||
|
((std::numeric_limits<int>::max() - obj) < chunk_count))
|
||||||
{
|
{
|
||||||
std::ostringstream msg;
|
std::ostringstream msg;
|
||||||
msg << "adding " << chunk_count << " to " << obj
|
msg << "adding " << chunk_count << " to " << obj
|
||||||
|
|
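Review bot: The widened guard in processXRefStream rejects `obj < 0`, but nothing in the visible lines checks the sign of `chunk_count`. A negative count makes `(std::numeric_limits<int>::max() - obj) < chunk_count` false, so it passes this check. If `chunk_count` is not validated earlier (its declaration is outside the hunk), add `(chunk_count < 0) ||` to the condition. The message that begins `msg << "adding " << chunk_count << " to " << obj` is now also reached for a negative object number; the rest of it is outside the hunk, but if it describes an overflow, a separate wording for the negative case would make the damaged-file report accurate. In read_xref, a short comment on the new `(size < 1)` test, e.g. `// reject non-positive /Size before computing size - 1`, would record why it precedes the subtraction.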