mirror of
https://github.com/qpdf/qpdf.git
synced 2024-11-14 08:44:04 +00:00
Apply fuzzer Pl_Flate memory limit only when inflating
Fixes fuzz issue 71689.
This commit is contained in:
parent
bcf56e5333
commit
dcf111a9bc
@ -141,6 +141,7 @@ set(CORPUS_OTHER
|
|||||||
70306a.fuzz
|
70306a.fuzz
|
||||||
70306b.fuzz
|
70306b.fuzz
|
||||||
71624.fuzz
|
71624.fuzz
|
||||||
|
71689.fuzz
|
||||||
)
|
)
|
||||||
|
|
||||||
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
|
||||||
|
BIN
fuzz/qpdf_extra/71689.fuzz
Normal file
BIN
fuzz/qpdf_extra/71689.fuzz
Normal file
Binary file not shown.
@ -93,13 +93,6 @@ FuzzHelper::testWrite()
|
|||||||
w->setDeterministicID(true);
|
w->setDeterministicID(true);
|
||||||
w->setQDFMode(true);
|
w->setQDFMode(true);
|
||||||
doWrite(w);
|
doWrite(w);
|
||||||
|
|
||||||
q = getQpdf();
|
|
||||||
w = getWriter(q);
|
|
||||||
w->setStaticID(true);
|
|
||||||
w->setLinearization(true);
|
|
||||||
w->setR6EncryptionParameters("u", "o", true, true, true, true, true, true, qpdf_r3p_full, true);
|
|
||||||
doWrite(w);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
|
@ -11,7 +11,7 @@ my $td = new TestDriver('fuzz');
|
|||||||
|
|
||||||
my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
|
my $qpdf_corpus = $ENV{'QPDF_FUZZ_CORPUS'} || die "must set QPDF_FUZZ_CORPUS";
|
||||||
|
|
||||||
my $n_qpdf_files = 78; # increment when adding new files
|
my $n_qpdf_files = 79; # increment when adding new files
|
||||||
|
|
||||||
my @fuzzers = (
|
my @fuzzers = (
|
||||||
['ascii85' => 1],
|
['ascii85' => 1],
|
||||||
|
@ -181,7 +181,7 @@ Pl_Flate::handleData(unsigned char const* data, size_t len, int flush)
|
|||||||
}
|
}
|
||||||
uLong ready = QIntC::to_ulong(m->out_bufsize - zstream.avail_out);
|
uLong ready = QIntC::to_ulong(m->out_bufsize - zstream.avail_out);
|
||||||
if (ready > 0) {
|
if (ready > 0) {
|
||||||
if (memory_limit) {
|
if (memory_limit && m->action != a_deflate) {
|
||||||
m->written += ready;
|
m->written += ready;
|
||||||
if (m->written > memory_limit) {
|
if (m->written > memory_limit) {
|
||||||
throw std::runtime_error("PL_Flate memory limit exceeded");
|
throw std::runtime_error("PL_Flate memory limit exceeded");
|
||||||
@ -205,7 +205,7 @@ void
|
|||||||
Pl_Flate::finish()
|
Pl_Flate::finish()
|
||||||
{
|
{
|
||||||
if (m->written > memory_limit) {
|
if (m->written > memory_limit) {
|
||||||
return;
|
throw std::runtime_error("PL_Flate memory limit exceeded");
|
||||||
}
|
}
|
||||||
try {
|
try {
|
||||||
if (m->outbuf.get()) {
|
if (m->outbuf.get()) {
|
||||||
|
Loading…
Reference in New Issue
Block a user