From dadf8307c83706c3b097bc4b1fe7b24defbebb8e Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Tue, 27 Aug 2019 17:57:38 -0400 Subject: [PATCH] Fix fuzz issues 15316 and 15390 --- fuzz/qpdf_extra/15316.fuzz | 3 +++ fuzz/qpdf_extra/15390.fuzz | Bin 0 -> 821 bytes libqpdf/QPDF.cc | 6 ++++++ 3 files changed, 9 insertions(+) create mode 100644 fuzz/qpdf_extra/15316.fuzz create mode 100644 fuzz/qpdf_extra/15390.fuzz diff --git a/fuzz/qpdf_extra/15316.fuzz b/fuzz/qpdf_extra/15316.fuzz new file mode 100644 index 00000000..0c29ddc2 --- /dev/null +++ b/fuzz/qpdf_extra/15316.fuzz @@ -0,0 +1,3 @@ + 1 0 obj<<2147483647 0 R>> +endobj +trailer<> \ No newline at end of file diff --git a/fuzz/qpdf_extra/15390.fuzz b/fuzz/qpdf_extra/15390.fuzz new file mode 100644 index 0000000000000000000000000000000000000000..e8233c9a202ad368b299bfe7f8ff7f1a06bd8dd8 GIT binary patch literal 821 zcmah{O>5gg5Y?&Bh5Uyp#ZU^(e#w#w!H3upgnZUU{!=bJ zrZbW@u|pw?4l}c}@4b1Wh#%#76n%)I$Sn8Rrgu5YzsP;fdJlh}@O*1h!I%UA)vrJ7 z;D7<}i?uHnrFEdNJf_N}ncK5!YJq=uHe81b2Rigk?pD|{G~N`|obJ#0cxaXg)gWVG zWSw^)McO?X3>bd4oDw}F!cGSt9S=V$q57)7`iu{U)w=YM5NN)rorgG(o*K;hA!{W( zYuo}Sl`liKcv=wP$ztl@Cq@8ChXc?myvP}AO#skgP7DJ(hJpH)pjvwJ%WV%v?XS6G z>L))sYDrsox+fL<`sPO?r(74se}jgsH9`l?ym3OOkMD5dc+Ty{J6~I~d^R}MLJJg3 z2TEW~Acc;pI-2DfC6^QQKj z+Rm8NS(dS0?+ER#VTJC2Oqh~!8fQ9*X%(G&(R+Ss%enszX^Yq3G&3Gf$k1GZieWOt WI92!wm`pMLbY%*?ho-zm&;9`{VZz`5 literal 0 HcmV?d00001 diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc index f6d16e4d..a774bd42 100644 --- a/libqpdf/QPDF.cc +++ b/libqpdf/QPDF.cc @@ -4,6 +4,7 @@ #include #include #include +#include #include #include #include @@ -2151,6 +2152,11 @@ QPDFObjectHandle QPDF::makeIndirectObject(QPDFObjectHandle oh) { int max_objid = toI(getObjectCount()); + if (max_objid == std::numeric_limits::max()) + { + throw std::range_error( + "max object id is too high to create new objects"); + } QPDFObjGen next(max_objid + 1, 0); this->m->obj_cache[next] = ObjCache(QPDFObjectHandle::ObjAccessor::getObject(oh), -1, -1);
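Review bot: The new guard in `QPDF::makeIndirectObject` has no comment saying what it protects, and the condition alone does not show that `max_objid + 1` on the following line is a signed overflow when the highest object id in a file is INT_MAX, which the added 15316 fuzz input (`2147483647 0 R`) appears to exercise. I would put `// Object ids come from the input file; at INT_MAX, max_objid + 1 would overflow.` directly above the `if`. As rendered on this page the template argument of `std::numeric_limits::max()` is missing, probably lost in extraction; it has to match the type of `max_objid`, i.e. `std::numeric_limits<int>::max()`. Any other site that derives a fresh object id from `getObjectCount()` would need the same check, which cannot be confirmed from this hunk, and the function body continues past the hunk's last line.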