Fix fuzz issue 15387 (overflow checking xref size)

fuzz/qpdf_extra/15387.fuzz

@@ -0,0 +1,2 @@
+  xref 2147483647 1 1 5 fstartxref 2
+trailer<</Size 0>>

libqpdf/QPDF.cc

@@ -672,14 +672,14 @@ QPDF::read_xref(qpdf_offset_t xref_offset)
     {
 	max_obj = std::max(max_obj, *(this->m->deleted_objects.rbegin()));
     }
-    if (size != max_obj + 1)
+    if (size - 1 != max_obj)
     {
 	QTC::TC("qpdf", "QPDF xref size mismatch");
 	warn(QPDFExc(qpdf_e_damaged_pdf, this->m->file->getName(), "", 0,
 		     std::string("reported number of objects (") +
 		     QUtil::int_to_string(size) +
-		     ") inconsistent with actual number of objects (" +
-		     QUtil::int_to_string(max_obj + 1) + ")"));
+		     ") is not one plus the highest object number (" +
+		     QUtil::int_to_string(max_obj) + ")"));
     }
 
     // We no longer need the deleted_objects table, so go ahead and

qpdf/qtest/qpdf/bad12-recover.out

@@ -1,4 +1,4 @@
-WARNING: bad12.pdf: reported number of objects (9) inconsistent with actual number of objects (8)
+WARNING: bad12.pdf: reported number of objects (9) is not one plus the highest object number (7)
 /QTest is implicit
 /QTest is direct and has type null (2)
 /QTest is null

qpdf/qtest/qpdf/bad12.out

@@ -1,4 +1,4 @@
-WARNING: bad12.pdf: reported number of objects (9) inconsistent with actual number of objects (8)
+WARNING: bad12.pdf: reported number of objects (9) is not one plus the highest object number (7)
 /QTest is implicit
 /QTest is direct and has type null (2)
 /QTest is null

qpdf/qtest/qpdf/issue-51.out

@@ -1,5 +1,5 @@
 WARNING: issue-51.pdf: can't find PDF header
-WARNING: issue-51.pdf: reported number of objects (0) inconsistent with actual number of objects (9)
+WARNING: issue-51.pdf: reported number of objects (0) is not one plus the highest object number (8)
 WARNING: issue-51.pdf (object 7 0, offset 553): expected endobj
 WARNING: issue-51.pdf (object 1 0, offset 359): expected endobj
 WARNING: issue-51.pdf (offset 70): loop detected resolving object 2 0