m-holger
64e9839710
Validate key length in Pl_AES_PDF constructor
2024-11-08 17:35:28 +00:00
m-holger
c2ff89ae11
Add additional fuzz test cases
2024-09-28 00:36:32 +01:00
m-holger
0aa6b67eea
In QPDFWordTokenFinder::check limit the token length
...
Tokens longer than the target cannot be a match and therefore there is no
need to read to the end of token.
2024-09-24 01:32:32 +01:00
m-holger
477fbd9839
Add additional fuzz test cases
2024-09-20 15:28:53 +01:00
m-holger
68c2489b80
For qpdf fuzzers adjust the memory limit for Flate filtered streams
2024-09-18 00:13:24 +01:00
m-holger
dcf111a9bc
Apply fuzzer Pl_Flate memory limit only when inflating
...
Fixes fuzz issue 71689.
2024-09-18 00:12:44 +01:00
m-holger
9ba6e070a1
Fix #1242
...
Ensure QPDF m->all_pages and invalid_page_found are reset if
getAllPagesInternal throws an exception.
Fixes fuzz case 71624.
2024-09-16 16:04:43 +01:00
m-holger
d8d73679e7
Split qpdf_fuzzer into six separate fuzzers
2024-09-03 14:21:06 +01:00
m-holger
8ed10d71ea
In qpdf_fuzzer and dct_fuzzer add a scan limit for Pl_DCT
2024-08-25 17:03:26 +01:00
m-holger
08eb6844c7
Add new qpdf_fuzzer test cases
2024-08-06 12:26:37 +01:00
m-holger
3bab4cf394
Refactor Pl_RunLength::decode
...
Buffer output locally.
Add qpdf_fuzzer test case.
2024-08-03 15:52:45 +01:00
m-holger
5edb548148
Reduce Pl_DCT and Pl_Flate memory limits during fuzzing
...
Also, add additional qpdf_fuzzer test case.
2024-08-03 14:09:31 +01:00
m-holger
2bb9e06d1e
In qpdf_fuzzer add a memory limit for Pl_Flate
2024-07-28 19:54:38 +01:00
m-holger
bc68003cb3
Add additional qpdf_fuzzer test case
2024-07-28 18:10:02 +01:00
m-holger
f8518d3677
Adjust qpdf_fuzzer warnings limit
2024-07-27 21:18:06 +01:00
m-holger
4f694cdfde
In qpdf_fuzzer reduce Pl_PNGFilter and Pl_TIFFPredictor memory limits
2024-07-22 13:25:21 +01:00
m-holger
30e187b458
Rename fuzz test case
2024-07-18 16:50:37 +01:00
m-holger
34729e37e0
Limit memory used by Pl_PNGFilter and Pl_TIFFPredictor during fuzzing
2024-07-18 16:50:30 +01:00
m-holger
fe1fffe8db
Change QPDF max_warnings into a hard limit
...
Throw damagedFile if max_warnings is exceeded. Change qpdf_fuzzer warnings limit to
limit to 500.
2024-07-18 16:50:08 +01:00
m-holger
992b7911ce
Limit the number of warnings in json_fuzzer before giving up
2024-07-16 15:36:58 +01:00
m-holger
e14e828c3d
Add further fuzz tests
2024-07-16 14:52:09 +01:00
m-holger
722148de3d
Further limit size of uncompressed JPEG for fuzzing
...
Try a limit of 50MB. For very large limits processing time before
damage is encountered may exceed oss-fuzz limits.
Add further test cases.
2024-07-11 14:32:22 +01:00
m-holger
c2c1618e08
Add extra sanity check on pages tree
...
Reject non-dictionary Page and Pages objects.
Also add additional qpdf_fuzzer test cases.
2024-07-10 19:03:23 +01:00
m-holger
7172dbd4e0
Add additional fuzzer test cases
...
Add test case for oss-fuzz 15471 and 69977a
2024-07-09 17:17:10 +01:00
m-holger
e76d668219
Add qpdf_fuzzer test case
2024-07-07 23:58:18 +01:00
m-holger
c1cd3ec8a0
In QPDF::processXRefIndex check number of objects in subsection is > 0
...
Fixes oss-fuzz 70055
2024-07-06 16:09:50 +01:00
Jay Berkenbilt
598268f6ad
Add setMaxWarnings rather than using conditional compilation
2024-07-03 15:44:44 +01:00
Jay Berkenbilt
65bd8bc57d
Add DCT decompression config methods in favor of compile-time changes
...
As a rule, we should avoid conditional compilation is it always causes
code paths that are sometimes not even seen lexically by the compiler.
Also, we want the actual code being fuzzed to be as close as possible
to the real code. Conditional compilation is suitable to handle
underlying system differences.
Instead, favor configuration using callbacks or other methods that can
be triggered in the places where they need to be exercised.
2024-07-03 15:43:38 +01:00
m-holger
42c511198b
Suppress excessive warnings while fuzzing
...
Add extra fuzz test case and amend memory limit for Pl_DCT.
2024-07-02 01:16:23 +01:00
m-holger
0a081e1f09
In QPDFOutlineObjectHelper detect loops in direct children
...
Also, add diagnostic messages in qpdf_fuzzer and additional fuzz test case.
2024-06-29 12:38:07 +01:00
m-holger
6ed2880405
Merge pull request #1224 from m-holger/fuzz3
...
Fix #1170
2024-06-27 08:47:42 +01:00
m-holger
732aab8610
Merge pull request #1222 from m-holger/fuzz2
...
In PL_DCT add option to limit the size of uncompressed corrupt data
2024-06-27 08:20:01 +01:00
m-holger
8ae3ef28ac
Fix #1170
...
In QPDF::read_xrefEntry add buffer overflow test for first eol character.
Overlong f1 or f2 entries consisting only of zeros could cause a buffer
overflow.
Add fuzz testcase 69913.
2024-06-27 08:17:58 +01:00
m-holger
d83cf43811
In PL_DCT add option to limit the size of uncompressed corrupt data
...
Also, apply limit in dct_fuzzer
2024-06-26 11:57:29 +01:00
m-holger
e62973d277
In QPDF check for page tree after reading xref table
...
Also add new fuzz test case.
2024-06-25 15:18:54 +01:00
m-holger
fff205dc7f
Try moving only files matching *_fuzzer* in fuzzer build
2024-06-22 10:19:30 +01:00
Jay Berkenbilt
aaa6547335
Build all fuzzers with FUTURE=ON and FUTURE=OFF
2024-06-18 11:00:44 -04:00
Jay Berkenbilt
293203ac2d
Use more idiomatic OFF and ON with cmake
2024-06-18 10:55:19 -04:00
m-holger
7f8e0a0d22
Add fuzz testcase 68915.fuzz
2024-05-11 21:49:27 +01:00
m-holger
02e89bbe47
Fix bug in QPDFWriter::preserveObjectStreams
...
Code failed to allow for QPDF::getCompressibleObjSet deleting objects
from the object cache in case of multiple entries for the same object id.
Add fuzz test case 68668.
2024-05-04 10:55:30 +01:00
m-holger
e85b98b7e8
Guard against object id == std::numeric_limits<int> in QPDF::insertReconstructedXrefEntry
2024-04-30 12:38:02 +01:00
m-holger
60c7d594b8
In QPDF::filterCompressedObjects ignore objects not in QPDFWriter tables
...
Add fuzz case 68377.
2024-04-30 10:46:06 +01:00
Jay Berkenbilt
b1b789df42
Detect end of input inside an unfinished JSON string
2024-02-06 15:30:29 -05:00
Jay Berkenbilt
3490090fbc
Detect JSON object whose value is an indirect object
2024-02-06 15:12:41 -05:00
Jay Berkenbilt
7ae095fa09
Fix JSON parser error found by fuzz
2024-02-04 17:27:49 -05:00
Jay Berkenbilt
f0fb19df9d
Add json fuzzer with seed files from #1123 and test suite
...
...as well as some cases generated in CI from earlier attempts at
fixing this.
2024-02-04 17:27:49 -05:00
Jay Berkenbilt
e641a883cd
Exercise more parameters of the tiff predictor in fuzz
2024-02-03 11:27:42 -05:00
m-holger
3279c21e13
Add additional test case for fuzz tests
2024-02-03 11:20:57 -05:00
m-holger
6e3b7982db
Fix incorrect handling of invalid negative object ids
...
Fix two errors introduced in #1110 and #1112 . Since
#1110 , encountering the invalid indirect reference #1110
-2147483648 n R produces an integer underflow which, if
undetected, immediately trigger a logic error. Since
#1112 , object -1 0 R may be incorrectly identified as
an earlier generation of itself and deleted,
invalidating a live iterator.
2024-01-17 10:39:06 +00:00
Jay Berkenbilt
ebb10f3256
Fix null pointer issue on array copy
2024-01-12 08:05:22 -05:00