mirror of
https://github.com/qpdf/qpdf.git
synced 2024-11-14 00:34:03 +00:00
In QPDF::processXRefIndex check number of objects in subsection is > 0
Fixes oss-fuzz 70055
This commit is contained in:
parent
ce2deaf185
commit
c1cd3ec8a0
@ -122,6 +122,7 @@ set(CORPUS_OTHER
|
|||||||
69913.fuzz
|
69913.fuzz
|
||||||
69969.fuzz
|
69969.fuzz
|
||||||
69977.fuzz
|
69977.fuzz
|
||||||
|
70055.fuzz
|
||||||
)
|
)
|
||||||
|
|
||||||
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
||||||
|
BIN
fuzz/qpdf_extra/70055.fuzz
Normal file
BIN
fuzz/qpdf_extra/70055.fuzz
Normal file
Binary file not shown.
@ -21,7 +21,7 @@ my @fuzzers = (
|
|||||||
['pngpredictor' => 1],
|
['pngpredictor' => 1],
|
||||||
['runlength' => 6],
|
['runlength' => 6],
|
||||||
['tiffpredictor' => 2],
|
['tiffpredictor' => 2],
|
||||||
['qpdf' => 64], # increment when adding new files
|
['qpdf' => 65], # increment when adding new files
|
||||||
);
|
);
|
||||||
|
|
||||||
my $n_tests = 0;
|
my $n_tests = 0;
|
||||||
|
@ -1129,6 +1129,11 @@ QPDF::processXRefIndex(
|
|||||||
if (val.isInteger()) {
|
if (val.isInteger()) {
|
||||||
if (i % 2) {
|
if (i % 2) {
|
||||||
auto count = val.getIntValue();
|
auto count = val.getIntValue();
|
||||||
|
if (count <= 0) {
|
||||||
|
throw damaged(
|
||||||
|
"Cross-reference stream section claims to contain " +
|
||||||
|
std::to_string(count) + " entries");
|
||||||
|
}
|
||||||
// We are guarding against the possibility of num_entries * entry_size
|
// We are guarding against the possibility of num_entries * entry_size
|
||||||
// overflowing. We are not checking that entries are in ascending order as
|
// overflowing. We are not checking that entries are in ascending order as
|
||||||
// required by the spec, which probably should generate a warning. We are also
|
// required by the spec, which probably should generate a warning. We are also
|
||||||
|
Loading…
Reference in New Issue
Block a user