2
1
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-03 15:17:29 +00:00
Commit Graph

37 Commits

Author SHA1 Message Date
Jay Berkenbilt
9d64481571 Handle negative numbers in QIntC::range_check (fuzz issue 26994) 2020-11-21 13:43:04 -05:00
Jay Berkenbilt
bd79138c84 Treat direct page as runtime rather than logic error (fuzz issue 27393) 2020-11-11 09:50:43 -05:00
Jay Berkenbilt
6971f78ff6 Fix stack overflow on direct root (fuzz issue 26761) 2020-10-31 13:10:39 -04:00
Jay Berkenbilt
8a11feacc3 Avoid leak by resolving object streams more than once (fuzz issue 23642) 2020-10-22 15:39:36 -04:00
Jay Berkenbilt
232f5fc9f3 Handle jpeg library fuzz false positives
The jpeg library has some assembly code that is missed by the compiler
instrumentation used by memory sanitization. There is a runtime
environment variable that is used to work around this issue.
2020-10-22 06:31:52 -04:00
Jay Berkenbilt
c1684eae91 Check for overflow in page labels (fuzz issue 23599) 2020-10-22 05:49:24 -04:00
Jay Berkenbilt
24196c08cb Fix loop detection error (fuzz issue 23172) 2020-10-22 05:48:35 -04:00
Jay Berkenbilt
ef127001b3 Remove some fuzz files with Mal/PDFEx-H (fixes #460)
There isn't really an issue with these files causing a real problem,
but malware and virus checkers trip on them, and the value to leaving
them in the test suite is too low to be worth the hassle.
2020-10-21 14:44:20 -04:00
Jay Berkenbilt
1bcd8c1649 Rename azure-pipelines to build-scripts 2020-10-16 11:19:09 -04:00
Jay Berkenbilt
6d1d244615 Explicitly use only native crypto for oss-fuzz
I don't need qpdf's fuzz to find leaks and invalid memory in gnutls.
2019-11-09 09:53:42 -05:00
Jay Berkenbilt
9094fb1f8e Fix two additional fuzz test cases 2019-11-03 18:59:12 -05:00
Jay Berkenbilt
bb83e65193 Fix fuzz issue 16953 (overflow checking in xref stream index) 2019-09-17 19:48:47 -04:00
Jay Berkenbilt
0e51a9aca6 Don't encrypt trailer, fixes fuzz issue 15983
Ordinarily the trailer doesn't contain any strings, so this is usually
a non-issue, but if the trailer contains strings, linearizing and
encrypting with object streams would include encrypted strings in the
trailer, which would blow out the padding because encrypted strings
are longer than their cleartext counterparts.
2019-08-28 23:06:32 -04:00
Jay Berkenbilt
47a38a942d Detect stream in object stream, fixing fuzz 16214
It's detected in QPDFWriter instead of at parse time because I can't
figure out how to construct a test case in a reasonable time. This
commit moves the fuzz file into the regular test suite for a QTC
coverage case.
2019-08-28 12:49:04 -04:00
Jay Berkenbilt
15248aa54b Safe pipeline pop fixed fuzz issue 15445 2019-08-27 22:27:47 -04:00
Jay Berkenbilt
dadf8307c8 Fix fuzz issues 15316 and 15390 2019-08-27 20:39:06 -04:00
Jay Berkenbilt
456c285b02 Fix fuzz issue 16172 (overflow checking in OffsetInputSource) 2019-08-27 13:08:07 -04:00
Jay Berkenbilt
ad8081daf5 Fix fuzz issue 15442 (overflow checking in BufferInputSource) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt
ac5e6de2e8 Fix fuzz issue 15387 (overflow checking xref size) 2019-08-27 11:26:25 -04:00
Jay Berkenbilt
6bc4cc3d48 Fix fuzz issue 15475 2019-08-25 22:52:25 -04:00
Jay Berkenbilt
94e86e2528 Fix fuzz issue 16301 2019-08-25 22:52:25 -04:00
Jay Berkenbilt
8721f189f8 Move qpdf_fuzzer tests to the end
This makes it faster to iterate on the other ones.
2019-08-25 22:52:25 -04:00
Jay Berkenbilt
ecca87d73c Fuzz build: allow easy addition of test files 2019-08-25 22:52:25 -04:00
Thorsten Schöning
8f06da7534 Change list to vector for outline helpers (fixes #297)
This change works around STL problems with Embarcadero C++ Builder
version 10.2, but std::vector is more common than std::list in qpdf,
and this is a relatively new API, so an API change is tolerable.

Thanks to Thorsten Schöning <6223655+ams-tschoening@users.noreply.github.com>
for the fix.
2019-07-03 20:08:47 -04:00
Jay Berkenbilt
0ae344d002 Add fuzzers to exercise specific pipeline classes 2019-06-23 15:37:21 -04:00
Jay Berkenbilt
1bde5c68a3 Add QUtil::read_file_into_memory
This code was essentially duplicated between test_driver and
standalone_fuzz_target_runner.
2019-06-22 10:14:25 -04:00
Jay Berkenbilt
793d987b5f Update qpdf_fuzzer to increase coverage 2019-06-21 17:56:24 -04:00
Jay Berkenbilt
2320714339 Clean up fuzzer installation and add test files
* Create the seed corpus in the build directory
* Don't assume all fuzzers share an options file
2019-06-21 17:39:53 -04:00
Jay Berkenbilt
2c81eec45e Re-enable fuzzer testing in Windows 2019-06-21 17:32:35 -04:00
Jay Berkenbilt
d71f05ca07 Fix sign and conversion warnings (major)
This makes all integer type conversions that have potential data loss
explicit with calls that do range checks and raise an exception. After
this commit, qpdf builds with no warnings when -Wsign-conversion
-Wconversion is used with gcc or clang or when -W3 -Wd4800 is used
with MSVC. This significantly reduces the likelihood of potential
crashes from bogus integer values.

There are some parts of the code that take int when they should take
size_t or an offset. Such places would make qpdf not support files
with more than 2^31 of something that usually wouldn't be so large. In
the event that such a file shows up and is valid, at least qpdf would
raise an error in the right spot so the issue could be legitimately
addressed rather than failing in some weird way because of a silent
overflow condition.
2019-06-21 13:17:21 -04:00
Jay Berkenbilt
616ae15595 Remove qpdf_read_memory_fuzzer 2019-06-18 08:43:55 -04:00
Jay Berkenbilt
bcfa407912 As a test suite, run stand-alone fuzzer on seed corpus
Temporarily skip fuzz tests on Windows. There are Windows-specific
failures to address later.
2019-06-15 17:24:24 -04:00
Jay Berkenbilt
e2c77bab89 Populate seed corpus 2019-06-15 17:24:24 -04:00
Jay Berkenbilt
9d31037489 Add corpus from previous fuzzer
This is the set of files from the latest corpus of running the older
fuzzer (qpdf_read_memory_fuzzer) at the time of adding the new fuzzer
(qpdf_fuzzer) after running a merge operation to minimize the corpus.
2019-06-15 17:24:24 -04:00
Jay Berkenbilt
f561a5df32 Implement fuzzer with good coverage 2019-06-15 17:24:24 -04:00
Jay Berkenbilt
d0b26b8337 oss-fuzz-build: support branch switching 2019-06-14 11:05:48 -04:00
Jay Berkenbilt
3d03024ab2 oss-fuzz initial integration 2019-06-13 09:28:38 -04:00