2
1
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-02 22:50:20 +00:00

Merge pull request #1231 from m-holger/fuzz

In QPDF::processXRefIndex check number of objects in subsection is > 0
This commit is contained in:
m-holger 2024-07-07 00:22:52 +01:00 committed by GitHub
commit e9df787132
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 7 additions and 1 deletions

View File

@ -122,6 +122,7 @@ set(CORPUS_OTHER
69913.fuzz
69969.fuzz
69977.fuzz
70055.fuzz
)
set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)

BIN
fuzz/qpdf_extra/70055.fuzz Normal file

Binary file not shown.

View File

@ -21,7 +21,7 @@ my @fuzzers = (
['pngpredictor' => 1],
['runlength' => 6],
['tiffpredictor' => 2],
['qpdf' => 64], # increment when adding new files
['qpdf' => 65], # increment when adding new files
);
my $n_tests = 0;

View File

@ -1129,6 +1129,11 @@ QPDF::processXRefIndex(
if (val.isInteger()) {
if (i % 2) {
auto count = val.getIntValue();
if (count <= 0) {
throw damaged(
"Cross-reference stream section claims to contain " +
std::to_string(count) + " entries");
}
// We are guarding against the possibility of num_entries * entry_size
// overflowing. We are not checking that entries are in ascending order as
// required by the spec, which probably should generate a warning. We are also