octoleo
/
qpdf
mirror of https://github.com/qpdf/qpdf.git
2
1
Fork 0
Code Issues Releases Wiki Activity

Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740)

This commit is contained in:
Jay Berkenbilt 2021-11-04 13:52:47 -04:00
parent ec09b91443
commit a84a0b2487
3 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -1,5 +1,7 @@
2021-11-04 Jay Berkenbilt <ejb@ql.org>
* Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740).
* Add QIntC::range_check_substract to do range checking on
subtraction, which has different boundary conditions from
addition.

BIN
fuzz/qpdf_extra/37740.fuzz Normal file
View File

Binary file not shown.

2
libqpdf/QPDFNumberTreeObjectHelper.cc
View File

@ -1,5 +1,6 @@
#include <qpdf/QPDFNumberTreeObjectHelper.hh>
#include <qpdf/NNTree.hh>
#include <qpdf/QIntC.hh>
class NumberTreeDetails: public NNTreeDetails
{
@ -235,6 +236,7 @@ QPDFNumberTreeObjectHelper::findObjectAtOrBelow(
return false;
}
oh = i->second;
QIntC::range_check_substract(idx, i->first);
offset = idx - i->first;
return true;
}