From c93b149b4d66f7a537cae4af888035bec29448af Mon Sep 17 00:00:00 2001
From: m-holger
Date: Fri, 28 Jun 2024 19:38:52 +0100
Subject: [PATCH] Limit memory used for JPEG decompression during fuzzing
---
 CMakeLists.txt | 4 ++++
 job.sums | 2 +-
 libqpdf/Pl_DCT.cc | 8 ++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6caba84f..73ea22af 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -131,6 +131,10 @@ if(FUTURE)
 add_compile_definitions(QPDF_FUTURE=1)
 endif()
 
+if(OSS_FUZZ)
+ add_compile_definitions(QPDF_OSS_FUZZ=1)
+endif()
+
 enable_testing()
 set(RUN_QTEST perl ${qpdf_SOURCE_DIR}/run-qtest ${ENABLE_QTC_ARG})
 
diff --git a/job.sums b/job.sums
index 4f53c923..5a0d8c4b 100644
--- a/job.sums
+++ b/job.sums
@@ -1,5 +1,5 @@
 # Generated by generate_auto_job
-CMakeLists.txt 47752f33b17fa526d46fc608a25ad6b8c61feba9deb1bd659fddf93e6e08b102
+CMakeLists.txt 456938b9debc4997f142ccfb13f3baf2517ae5855e1fe9b2ada1a0b8f7e4facf
 generate_auto_job f64733b79dcee5a0e3e8ccc6976448e8ddf0e8b6529987a66a7d3ab2ebc10a86
 include/qpdf/auto_job_c_att.hh 4c2b171ea00531db54720bf49a43f8b34481586ae7fb6cbf225099ee42bc5bb4
 include/qpdf/auto_job_c_copy_att.hh 50609012bff14fd82f0649185940d617d05d530cdc522185c7f3920a561ccb42
diff --git a/libqpdf/Pl_DCT.cc b/libqpdf/Pl_DCT.cc
index 61f3791e..e9a98876 100644
--- a/libqpdf/Pl_DCT.cc
+++ b/libqpdf/Pl_DCT.cc
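Review bot: `if(OSS_FUZZ)` in the CMakeLists.txt hunk tests a cache variable that nothing in the hunk declares, so the switch only works when the fuzzing build passes `-DOSS_FUZZ=...` on the command line and is invisible to anyone reading the project's option list. If the neighbouring feature switches (FUTURE, presumably) are declared with `option()` elsewhere in the file, mirroring that with `option(OSS_FUZZ "Cap JPEG decompression memory; fuzzing builds only" OFF)` would document the knob and make an unintended `QPDF_OSS_FUZZ=1` in a release configuration easier to spot in the cache. The job.sums hunk is a generated checksum update and needs nothing further.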
@@ -310,6 +310,14 @@ Pl_DCT::decompress(void* cinfo_p, Buffer* b)
 jpeg_create_decompress(cinfo);
 #if ((defined(__GNUC__) && ((__GNUC__ * 100) + __GNUC_MINOR__) >= 406) || defined(__clang__))
 # pragma GCC diagnostic pop
+#endif
+
+#ifdef QPDF_OSS_FUZZ
+ // Limit the memory used to decompress JPEG files during fuzzing. Excessive memory use during
+ // fuzzing is due to corrupt JPEG data which sometimes cannot be detected before
+ // jpeg_start_decompress is called. During normal use of qpdf very large JPEGs can occasionally
+ // occur legitimately and therefore must be allowed during normal operations.
+ cinfo->mem->max_memory_to_use = 1'000'000'000;
 #endif
 
 jpeg_buffer_src(cinfo, b);
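Review bot: The cap on the added `cinfo->mem->max_memory_to_use = 1'000'000'000;` line is a bare magic number stored into a libjpeg `long` field; a named constant beside the `#ifdef`, `constexpr long fuzz_max_jpeg_memory = 1'000'000'000; // bytes`, would record the unit and make the bound greppable when the fuzzer's memory limit changes. As far as I recall, libjpeg's memory manager consults max_memory_to_use when deciding how to realize virtual arrays rather than as a hard ceiling on every allocation, so it is worth confirming against the libjpeg build used by the fuzz target that corrupt inputs actually stop growing at this bound rather than surfacing as a different error. Because the same corrupt-before-jpeg_start_decompress path exists outside fuzzing, a runtime-settable limit that defaults to unlimited would let callers decoding untrusted PDFs opt in without a rebuild, while keeping the behaviour the comment describes for normal operation. Pl_DCT::decompress starts and ends outside the hunk.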