octoleo/qpdf
2
1
Fork 0
mirror of https://github.com/qpdf/qpdf.git synced 2024-11-16 17:45:09 +00:00
Code Issues Releases Wiki Activity
3,662 Commits 16 Branches 95 Tags 40 MiB
0f0747b3ae
Commit Graph

41 Commits

Author SHA1 Message Date
m-holger
dcf111a9bc Apply fuzzer Pl_Flate memory limit only when inflating 
Fixes fuzz issue 71689.
 2024-09-18 00:12:44 +01:00
m-holger
9ba6e070a1 Fix #1242 
Ensure QPDF m->all_pages and invalid_page_found are reset if
getAllPagesInternal throws an exception.

Fixes fuzz case 71624.
 2024-09-16 16:04:43 +01:00
m-holger
08eb6844c7 Add new qpdf_fuzzer test cases 2024-08-06 12:26:37 +01:00
m-holger
3bab4cf394 Refactor Pl_RunLength::decode 
Buffer output locally.
Add qpdf_fuzzer test case.
 2024-08-03 15:52:45 +01:00
m-holger
5edb548148 Reduce Pl_DCT and Pl_Flate memory limits during fuzzing 
Also, add additional qpdf_fuzzer test case.
 2024-08-03 14:09:31 +01:00
m-holger
bc68003cb3 Add additional qpdf_fuzzer test case 2024-07-28 18:10:02 +01:00
m-holger
30e187b458 Rename fuzz test case 2024-07-18 16:50:37 +01:00
m-holger
e14e828c3d Add further fuzz tests 2024-07-16 14:52:09 +01:00
m-holger
c2c1618e08 Add extra sanity check on pages tree 
Reject non-dictionary Page and Pages objects.

Also add additional qpdf_fuzzer test cases.
 2024-07-10 19:03:23 +01:00
m-holger
7172dbd4e0 Add additional fuzzer test cases 
Add test case for oss-fuzz 15471 and 69977a
 2024-07-09 17:17:10 +01:00
m-holger
e76d668219 Add qpdf_fuzzer test case 2024-07-07 23:58:18 +01:00
m-holger
c1cd3ec8a0 In QPDF::processXRefIndex check number of objects in subsection is > 0 
Fixes oss-fuzz 70055
 2024-07-06 16:09:50 +01:00
m-holger
42c511198b Suppress excessive warnings while fuzzing 
Add extra fuzz test case and amend memory limit for Pl_DCT.
 2024-07-02 01:16:23 +01:00
m-holger
0a081e1f09 In QPDFOutlineObjectHelper detect loops in direct children 
Also, add diagnostic messages in qpdf_fuzzer and additional fuzz test case.
 2024-06-29 12:38:07 +01:00
m-holger
8ae3ef28ac Fix #1170 
In QPDF::read_xrefEntry add buffer overflow test for first eol character.
Overlong f1 or f2 entries consisting only of zeros could cause a buffer
overflow.

Add fuzz testcase 69913.
 2024-06-27 08:17:58 +01:00
m-holger
e62973d277 In QPDF check for page tree after reading xref table 
Also add new fuzz test case.
 2024-06-25 15:18:54 +01:00
m-holger
7f8e0a0d22 Add fuzz testcase 68915.fuzz 2024-05-11 21:49:27 +01:00
m-holger
02e89bbe47 Fix bug in QPDFWriter::preserveObjectStreams 
Code failed to allow for QPDF::getCompressibleObjSet deleting objects
from the object cache in case of multiple entries for the same object id.

Add fuzz test case 68668.
 2024-05-04 10:55:30 +01:00
m-holger
e85b98b7e8 Guard against object id == std::numeric_limits<int> in QPDF::insertReconstructedXrefEntry 2024-04-30 12:38:02 +01:00
m-holger
60c7d594b8 In QPDF::filterCompressedObjects ignore objects not in QPDFWriter tables 
Add fuzz case 68377.
 2024-04-30 10:46:06 +01:00
m-holger
6e3b7982db Fix incorrect handling of invalid negative object ids 
Fix two errors introduced in #1110 and #1112. Since
#1110, encountering the invalid indirect reference #1110
-2147483648 n R produces an integer underflow which, if
 undetected, immediately trigger a logic error. Since
 #1112, object -1 0 R may be incorrectly identified as
 an earlier generation of itself and deleted,
 invalidating a live iterator.
 2024-01-17 10:39:06 +00:00
Jay Berkenbilt
ebb10f3256 Fix null pointer issue on array copy 2024-01-12 08:05:22 -05:00
Jay Berkenbilt
a69fea14ae Add the file to reproduce fuzz issue 57639 
It is possible to reproduce the failure with this file following the
instructions with oss-fuzz, though it does not cause a failure in CI.

The failure was introduced in
18c1ffe0df.
 2023-05-05 06:45:40 -04:00
Jay Berkenbilt
a84a0b2487 Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740) 2021-11-04 14:03:24 -04:00
Jay Berkenbilt
9fcf61b2f6 Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507) 2021-02-10 16:27:44 -05:00
Jay Berkenbilt
dc92574c10 Fix some pipelines to be safe if downstream write fails (fuzz issue 28262) 2021-01-04 15:17:35 -05:00
Jay Berkenbilt
9d64481571 Handle negative numbers in QIntC::range_check (fuzz issue 26994) 2020-11-21 13:43:04 -05:00
Jay Berkenbilt
bd79138c84 Treat direct page as runtime rather than logic error (fuzz issue 27393) 2020-11-11 09:50:43 -05:00
Jay Berkenbilt
6971f78ff6 Fix stack overflow on direct root (fuzz issue 26761) 2020-10-31 13:10:39 -04:00
Jay Berkenbilt
8a11feacc3 Avoid leak by resolving object streams more than once (fuzz issue 23642) 2020-10-22 15:39:36 -04:00
Jay Berkenbilt
c1684eae91 Check for overflow in page labels (fuzz issue 23599) 2020-10-22 05:49:24 -04:00
Jay Berkenbilt
24196c08cb Fix loop detection error (fuzz issue 23172) 2020-10-22 05:48:35 -04:00
Jay Berkenbilt
9094fb1f8e Fix two additional fuzz test cases 2019-11-03 18:59:12 -05:00
Jay Berkenbilt
bb83e65193 Fix fuzz issue 16953 (overflow checking in xref stream index) 2019-09-17 19:48:47 -04:00
Jay Berkenbilt
0e51a9aca6 Don't encrypt trailer, fixes fuzz issue 15983 
Ordinarily the trailer doesn't contain any strings, so this is usually
a non-issue, but if the trailer contains strings, linearizing and
encrypting with object streams would include encrypted strings in the
trailer, which would blow out the padding because encrypted strings
are longer than their cleartext counterparts.
 2019-08-28 23:06:32 -04:00
Jay Berkenbilt
15248aa54b Safe pipeline pop fixed fuzz issue 15445 2019-08-27 22:27:47 -04:00
Jay Berkenbilt
dadf8307c8 Fix fuzz issues 15316 and 15390 2019-08-27 20:39:06 -04:00
Jay Berkenbilt
456c285b02 Fix fuzz issue 16172 (overflow checking in OffsetInputSource) 2019-08-27 13:08:07 -04:00
Jay Berkenbilt
ad8081daf5 Fix fuzz issue 15442 (overflow checking in BufferInputSource) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt
ac5e6de2e8 Fix fuzz issue 15387 (overflow checking xref size) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt
94e86e2528 Fix fuzz issue 16301 2019-08-25 22:52:25 -04:00