From 4f16961052694b946acf80e1bbf10a51994a353a Mon Sep 17 00:00:00 2001
From: m-holger
Date: Mon, 22 Jul 2024 13:11:07 +0100
Subject: [PATCH 1/2] In MD5_native::transform disable sanitizer unsigned integer overflow checks

Wrap-around is intentional and generates false positives
---
 libqpdf/MD5_native.cc | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libqpdf/MD5_native.cc b/libqpdf/MD5_native.cc
index 8cd03862..f920966f 100644
--- a/libqpdf/MD5_native.cc
+++ b/libqpdf/MD5_native.cc
@@ -193,7 +193,12 @@ MD5_native::digest(Digest result)
 }
 
 // MD5 basic transformation. Transforms state based on block.
+//
+// NB The algorithm intentionally relies on unsigned integer wrap-around
 void
 MD5_native::transform(uint32_t state[4], unsigned char block[64])
+#if defined(__clang__)
+__attribute__((no_sanitize("unsigned-integer-overflow")))
+#endif
 {
     uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16];

From 4f694cdfde1558b0dfdf42cf362796bf11792d2c Mon Sep 17 00:00:00 2001
From: m-holger
Date: Mon, 22 Jul 2024 13:25:21 +0100
Subject: [PATCH 2/2] In qpdf_fuzzer reduce Pl_PNGFilter and Pl_TIFFPredictor memory limits

---
 fuzz/qpdf_fuzzer.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fuzz/qpdf_fuzzer.cc b/fuzz/qpdf_fuzzer.cc
index 3486c1be..2f6909fe 100644
--- a/fuzz/qpdf_fuzzer.cc
+++ b/fuzz/qpdf_fuzzer.cc
@@ -181,8 +181,8 @@ FuzzHelper::doChecks()
     // occur legitimately and therefore must be allowed during normal operations.
     Pl_DCT::setMemoryLimit(1'000'000'000);
-    Pl_PNGFilter::setMemoryLimit(1'000'000'000);
-    Pl_TIFFPredictor::setMemoryLimit(1'000'000'000);
+    Pl_PNGFilter::setMemoryLimit(1'000'000);
+    Pl_TIFFPredictor::setMemoryLimit(1'000'000);
 
     // Do not decompress corrupt data. This may cause extended runtime within jpeglib without
     // exercising additional code paths in qpdf, and potentially causing counterproductive timeouts.
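Review bot: The `#if defined(__clang__)` guard around the attribute on MD5_native::transform is left unexplained, and the reason is not obvious from the hunk: `unsigned-integer-overflow` is a clang-specific UBSan check (GCC's sanitizer has no such check), and GCC, as far as I recall, also rejects a GNU attribute placed after the declarator of a function definition, so the guard is needed on both counts. I would add a one-line comment above the `#if`, e.g. `// clang-only: GCC has no unsigned-integer-overflow check and rejects an attribute in this position on a definition`. The suppression is appropriately narrow — it disables only this one check for this one function body, not for its callers or callees, and not the signed-overflow or other UB checks — which is preferable to dropping the check from the fuzzer build flags globally; it may be worth saying so in the NB comment so nobody later "fixes" it by widening it. The body of transform continues outside the hunk.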