Commit Graph

63 Commits

Author SHA1 Message Date
m-holger e6577a1323 Replace 'virtual' specifier with 'override' 2023-05-20 15:41:56 +01:00
Jay Berkenbilt a69fea14ae Add the file to reproduce fuzz issue 57639
It is possible to reproduce the failure with this file following the
instructions with oss-fuzz, though it does not cause a failure in CI.

The failure was introduced in
18c1ffe0df.
2023-05-05 06:45:40 -04:00
Jay Berkenbilt a59e7ac7ec Disable copying/assigning to QPDF objects, add QPDF::create() 2022-09-02 08:53:27 -04:00
m-holger 6c69a747b9 Code clean up: use range-style for loops wherever possible
Remove variables obsoleted by commit 4f24617.
2022-05-21 16:06:29 -04:00
Jay Berkenbilt 16f4f94cd9 Prepare code for JSON v2
Update getJSON() methods and calls to them
2022-05-07 11:12:01 -04:00
Jay Berkenbilt 8ccd3a8a89 Mark weak encryption with API changes (fixes #576) 2022-04-30 17:24:15 -04:00
Jay Berkenbilt 4f24617e1e Code clean up: use range-style for loops wherever possible
Where not possible, use "auto" to get the iterator type.

Editorial note: I have avoid this change for a long time because of
not wanting to make gratuitous changes to version history, which can
obscure when certain changes were made, but with having recently
touched every single file to apply automatic code formatting and with
making several broad changes to the API, I decided it was time to take
the plunge and get rid of the older (pre-C++11) verbose iterator
syntax. The new code is just easier to read and understand, and in
many cases, it will be more effecient as fewer temporary copies are
being made.

m-holger, if you're reading, you can see that I've finally come
around. :-)
2022-04-30 13:27:18 -04:00
Jay Berkenbilt cdd0b4fb7d Use = default and = delete where possible in classes 2022-04-16 11:39:14 -04:00
Jay Berkenbilt ba0ef7a124 Replace PointerHolder with std::shared_ptr in the rest of the code
Increase to POINTERHOLDER_TRANSITION=3

patrepl s/PointerHolder/std::shared_ptr/g **/*.cc **/*.hh
patrepl s/make_pointer_holder/std::make_shared/g **/*.cc
patrepl s/make_array_pointer_holder/QUtil::make_shared_array/g **/*.cc
patrepl s,qpdf/std::shared_ptr,qpdf/PointerHolder, **/*.cc **/*.hh
git restore include/qpdf/PointerHolder.hh
git restore libtests/pointer_holder.cc
cleanpatch
./format-code
2022-04-09 17:33:29 -04:00
Jay Berkenbilt 12f1eb15ca Programmatically apply new formatting to code
Run this:

for i in  **/*.cc **/*.c **/*.h **/*.hh; do
  clang-format < $i >| $i.new && mv $i.new $i
done
2022-04-04 08:10:40 -04:00
Jay Berkenbilt 70d0d0889b Remove old build files 2022-03-18 19:53:18 -04:00
Jay Berkenbilt 87db567e1f Convert oss-fuzz-build to use cmake 2022-03-18 19:53:18 -04:00
Jay Berkenbilt b8aff90997 Add cmake configuration files 2022-03-18 19:53:18 -04:00
Jay Berkenbilt c71e41e9d9 Change handling of qpdf fuzz corpus
Files are copied into the build area rather than left in the source
tree, and the test suite looks for them there. Also remove special
case around counting files in the qpdf corpus.
2022-03-18 19:53:18 -04:00
Jay Berkenbilt 104684fe3f No newline for fuzz sha 2022-03-05 08:15:50 -05:00
Jay Berkenbilt cb769c62e5 WHITESPACE ONLY -- expand tabs in source code
This comment expands all tabs using an 8-character tab-width. You
should ignore this commit when using git blame or use git blame -w.

In the early days, I used to use tabs where possible for indentation,
since emacs did this automatically. In recent years, I have switched
to only using spaces, which means qpdf source code has been a mixture
of spaces and tabs. I have avoided cleaning this up because of not
wanting gratuitous whitespaces change to cloud the output of git
blame, but I changed my mind after discussing with users who view qpdf
source code in editors/IDEs that have other tab widths by default and
in light of the fact that I am planning to start applying automatic
code formatting soon.
2022-02-08 11:51:15 -05:00
Jay Berkenbilt c62e8e2b28 Update for clean compile with POINTERHOLDER_TRANSITION=2 2022-02-07 17:38:22 -05:00
Jay Berkenbilt 9044a24097 PointerHolder: deprecate getPointer() and getRefcount()
Use get() and use_count() instead. Add #define
NO_POINTERHOLDER_DEPRECATION to remove deprecation markers for these
only.

This commit also removes all deprecated PointerHolder API calls from
qpdf's code except in PointerHolder's test suite, which must continue
to test the deprecated APIs.
2022-02-04 13:12:37 -05:00
Jay Berkenbilt e4ef3d1540 Remove original qpdf fuzz seed corpus from tests
Since the introduction of fuzz testing, there has never been a problem
found because of a failure of a file in the fuzzer seed corpus. As the
fuzzer has found problems, they have been added to the test suite, and
that should be adequate to exercise the fuzzers in the tesing
environment as well as providing adequate regression testing.

Removing these original files shaves many minutes off the builds in CI.
2021-12-16 15:53:24 -05:00
Jay Berkenbilt 750aca5b94 First increment of improving handling of weak crypto (fixes #358) 2021-11-11 12:24:15 -05:00
Jay Berkenbilt a84a0b2487 Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740) 2021-11-04 14:03:24 -04:00
Jay Berkenbilt 4a648b9a00 Fix bug in merging resources /DR from foreign AcroForm (fixes #548)
When making resources indirect in from_dr, the code was using the
wrong owning QPDF, forgetting that from_dr had already been copied
using CopyForeignObject.
2021-11-04 12:29:42 -04:00
Jay Berkenbilt 9fcf61b2f6 Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507) 2021-02-10 16:27:44 -05:00
Jay Berkenbilt dc92574c10 Fix some pipelines to be safe if downstream write fails (fuzz issue 28262) 2021-01-04 15:17:35 -05:00
Jay Berkenbilt 3be58f49e5 Make more QPDFPageObjectHelper methods work with form XObject 2021-01-02 14:08:53 -05:00
Jay Berkenbilt 63ea46193d QPDFPageObjectHelper: getPageImages -> getImages 2021-01-02 11:33:36 -05:00
Jay Berkenbilt 9d64481571 Handle negative numbers in QIntC::range_check (fuzz issue 26994) 2020-11-21 13:43:04 -05:00
Jay Berkenbilt bd79138c84 Treat direct page as runtime rather than logic error (fuzz issue 27393) 2020-11-11 09:50:43 -05:00
Jay Berkenbilt 6971f78ff6 Fix stack overflow on direct root (fuzz issue 26761) 2020-10-31 13:10:39 -04:00
Jay Berkenbilt 8a11feacc3 Avoid leak by resolving object streams more than once (fuzz issue 23642) 2020-10-22 15:39:36 -04:00
Jay Berkenbilt 232f5fc9f3 Handle jpeg library fuzz false positives
The jpeg library has some assembly code that is missed by the compiler
instrumentation used by memory sanitization. There is a runtime
environment variable that is used to work around this issue.
2020-10-22 06:31:52 -04:00
Jay Berkenbilt c1684eae91 Check for overflow in page labels (fuzz issue 23599) 2020-10-22 05:49:24 -04:00
Jay Berkenbilt 24196c08cb Fix loop detection error (fuzz issue 23172) 2020-10-22 05:48:35 -04:00
Jay Berkenbilt ef127001b3 Remove some fuzz files with Mal/PDFEx-H (fixes #460)
There isn't really an issue with these files causing a real problem,
but malware and virus checkers trip on them, and the value to leaving
them in the test suite is too low to be worth the hassle.
2020-10-21 14:44:20 -04:00
Jay Berkenbilt 1bcd8c1649 Rename azure-pipelines to build-scripts 2020-10-16 11:19:09 -04:00
Jay Berkenbilt 6d1d244615 Explicitly use only native crypto for oss-fuzz
I don't need qpdf's fuzz to find leaks and invalid memory in gnutls.
2019-11-09 09:53:42 -05:00
Jay Berkenbilt 9094fb1f8e Fix two additional fuzz test cases 2019-11-03 18:59:12 -05:00
Jay Berkenbilt bb83e65193 Fix fuzz issue 16953 (overflow checking in xref stream index) 2019-09-17 19:48:47 -04:00
Jay Berkenbilt 0e51a9aca6 Don't encrypt trailer, fixes fuzz issue 15983
Ordinarily the trailer doesn't contain any strings, so this is usually
a non-issue, but if the trailer contains strings, linearizing and
encrypting with object streams would include encrypted strings in the
trailer, which would blow out the padding because encrypted strings
are longer than their cleartext counterparts.
2019-08-28 23:06:32 -04:00
Jay Berkenbilt 47a38a942d Detect stream in object stream, fixing fuzz 16214
It's detected in QPDFWriter instead of at parse time because I can't
figure out how to construct a test case in a reasonable time. This
commit moves the fuzz file into the regular test suite for a QTC
coverage case.
2019-08-28 12:49:04 -04:00
Jay Berkenbilt 15248aa54b Safe pipeline pop fixed fuzz issue 15445 2019-08-27 22:27:47 -04:00
Jay Berkenbilt dadf8307c8 Fix fuzz issues 15316 and 15390 2019-08-27 20:39:06 -04:00
Jay Berkenbilt 456c285b02 Fix fuzz issue 16172 (overflow checking in OffsetInputSource) 2019-08-27 13:08:07 -04:00
Jay Berkenbilt ad8081daf5 Fix fuzz issue 15442 (overflow checking in BufferInputSource) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt ac5e6de2e8 Fix fuzz issue 15387 (overflow checking xref size) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt 6bc4cc3d48 Fix fuzz issue 15475 2019-08-25 22:52:25 -04:00
Jay Berkenbilt 94e86e2528 Fix fuzz issue 16301 2019-08-25 22:52:25 -04:00
Jay Berkenbilt 8721f189f8 Move qpdf_fuzzer tests to the end
This makes it faster to iterate on the other ones.
2019-08-25 22:52:25 -04:00
Jay Berkenbilt ecca87d73c Fuzz build: allow easy addition of test files 2019-08-25 22:52:25 -04:00
Thorsten Schöning 8f06da7534 Change list to vector for outline helpers (fixes #297)
This change works around STL problems with Embarcadero C++ Builder
version 10.2, but std::vector is more common than std::list in qpdf,
and this is a relatively new API, so an API change is tolerable.

Thanks to Thorsten Schöning <6223655+ams-tschoening@users.noreply.github.com>
for the fix.
2019-07-03 20:08:47 -04:00