2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 02:49:00 +00:00

Apply fuzzer Pl_Flate memory limit only when inflating

Fixes fuzz issue 71689.
This commit is contained in:
m-holger 2024-09-18 00:12:44 +01:00
parent bcf56e5333
commit dcf111a9bc
5 changed files with 4 additions and 10 deletions

View File

@ -141,6 +141,7 @@ set(CORPUS_OTHER
70306a.fuzz
70306b.fuzz
71624.fuzz
71689.fuzz
)
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)

BIN
fuzz/qpdf_extra/71689.fuzz Normal file

Binary file not shown.

View File

@ -93,13 +93,6 @@ FuzzHelper::testWrite()
w->setDeterministicID(true);
w->setQDFMode(true);
doWrite(w);
q = getQpdf();
w = getWriter(q);
w->setStaticID(true);
w->setLinearization(true);
w->setR6EncryptionParameters("u", "o", true, true, true, true, true, true, qpdf_r3p_full, true);
doWrite(w);
}
void

View File

@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
my $n_qpdf_files = 78; # increment when adding new files
my $n_qpdf_files = 79; # increment when adding new files
my @fuzzers = (
['ascii85' => 1],

View File

@ -181,7 +181,7 @@ Pl_Flate::handleData(unsigned char const* data, size_t len, int flush)
}
uLong ready = QIntC::to_ulong(m->out_bufsize - zstream.avail_out);
if (ready > 0) {
if (memory_limit) {
if (memory_limit && m->action != a_deflate) {
m->written += ready;
if (m->written > memory_limit) {
throw std::runtime_error("PL_Flate memory limit exceeded");
@ -205,7 +205,7 @@ void
Pl_Flate::finish()
{
if (m->written > memory_limit) {
return;
throw std::runtime_error("PL_Flate memory limit exceeded");
}
try {
if (m->outbuf.get()) {