2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-11-09 14:50:58 +00:00
Commit Graph

87 Commits

Author SHA1 Message Date
Jay Berkenbilt
65bd8bc57d Add DCT decompression config methods in favor of compile-time changes
As a rule, we should avoid conditional compilation is it always causes
code paths that are sometimes not even seen lexically by the compiler.
Also, we want the actual code being fuzzed to be as close as possible
to the real code. Conditional compilation is suitable to handle
underlying system differences.

Instead, favor configuration using callbacks or other methods that can
be triggered in the places where they need to be exercised.
2024-07-03 15:43:38 +01:00
m-holger
42c511198b Suppress excessive warnings while fuzzing
Add extra fuzz test case and amend memory limit for Pl_DCT.
2024-07-02 01:16:23 +01:00
m-holger
0a081e1f09 In QPDFOutlineObjectHelper detect loops in direct children
Also, add diagnostic messages in qpdf_fuzzer and additional fuzz test case.
2024-06-29 12:38:07 +01:00
m-holger
6ed2880405
Merge pull request #1224 from m-holger/fuzz3
Fix #1170
2024-06-27 08:47:42 +01:00
m-holger
732aab8610
Merge pull request #1222 from m-holger/fuzz2
In PL_DCT add option to limit the size of uncompressed corrupt data
2024-06-27 08:20:01 +01:00
m-holger
8ae3ef28ac Fix #1170
In QPDF::read_xrefEntry add buffer overflow test for first eol character.
Overlong f1 or f2 entries consisting only of zeros could cause a buffer
overflow.

Add fuzz testcase 69913.
2024-06-27 08:17:58 +01:00
m-holger
d83cf43811 In PL_DCT add option to limit the size of uncompressed corrupt data
Also, apply limit in dct_fuzzer
2024-06-26 11:57:29 +01:00
m-holger
e62973d277 In QPDF check for page tree after reading xref table
Also add new fuzz test case.
2024-06-25 15:18:54 +01:00
m-holger
fff205dc7f Try moving only files matching *_fuzzer* in fuzzer build 2024-06-22 10:19:30 +01:00
Jay Berkenbilt
aaa6547335 Build all fuzzers with FUTURE=ON and FUTURE=OFF 2024-06-18 11:00:44 -04:00
Jay Berkenbilt
293203ac2d Use more idiomatic OFF and ON with cmake 2024-06-18 10:55:19 -04:00
m-holger
7f8e0a0d22 Add fuzz testcase 68915.fuzz 2024-05-11 21:49:27 +01:00
m-holger
02e89bbe47 Fix bug in QPDFWriter::preserveObjectStreams
Code failed to allow for QPDF::getCompressibleObjSet deleting objects
from the object cache in case of multiple entries for the same object id.

Add fuzz test case 68668.
2024-05-04 10:55:30 +01:00
m-holger
e85b98b7e8 Guard against object id == std::numeric_limits<int> in QPDF::insertReconstructedXrefEntry 2024-04-30 12:38:02 +01:00
m-holger
60c7d594b8 In QPDF::filterCompressedObjects ignore objects not in QPDFWriter tables
Add fuzz case 68377.
2024-04-30 10:46:06 +01:00
Jay Berkenbilt
b1b789df42 Detect end of input inside an unfinished JSON string 2024-02-06 15:30:29 -05:00
Jay Berkenbilt
3490090fbc Detect JSON object whose value is an indirect object 2024-02-06 15:12:41 -05:00
Jay Berkenbilt
7ae095fa09 Fix JSON parser error found by fuzz 2024-02-04 17:27:49 -05:00
Jay Berkenbilt
f0fb19df9d Add json fuzzer with seed files from #1123 and test suite
...as well as some cases generated in CI from earlier attempts at
fixing this.
2024-02-04 17:27:49 -05:00
Jay Berkenbilt
e641a883cd Exercise more parameters of the tiff predictor in fuzz 2024-02-03 11:27:42 -05:00
m-holger
3279c21e13 Add additional test case for fuzz tests 2024-02-03 11:20:57 -05:00
m-holger
6e3b7982db Fix incorrect handling of invalid negative object ids
Fix two errors introduced in #1110 and #1112. Since
#1110, encountering the invalid indirect reference #1110
-2147483648 n R produces an integer underflow which, if
 undetected, immediately trigger a logic error. Since
 #1112, object -1 0 R may be incorrectly identified as
 an earlier generation of itself and deleted,
 invalidating a live iterator.
2024-01-17 10:39:06 +00:00
Jay Berkenbilt
ebb10f3256 Fix null pointer issue on array copy 2024-01-12 08:05:22 -05:00
Jay Berkenbilt
60965d5f4d Rerun clang-format 2023-05-21 13:35:09 -04:00
m-holger
e6577a1323 Replace 'virtual' specifier with 'override' 2023-05-20 15:41:56 +01:00
Jay Berkenbilt
a69fea14ae Add the file to reproduce fuzz issue 57639
It is possible to reproduce the failure with this file following the
instructions with oss-fuzz, though it does not cause a failure in CI.

The failure was introduced in
18c1ffe0df.
2023-05-05 06:45:40 -04:00
Jay Berkenbilt
a59e7ac7ec Disable copying/assigning to QPDF objects, add QPDF::create() 2022-09-02 08:53:27 -04:00
m-holger
6c69a747b9 Code clean up: use range-style for loops wherever possible
Remove variables obsoleted by commit 4f24617.
2022-05-21 16:06:29 -04:00
Jay Berkenbilt
16f4f94cd9 Prepare code for JSON v2
Update getJSON() methods and calls to them
2022-05-07 11:12:01 -04:00
Jay Berkenbilt
8ccd3a8a89 Mark weak encryption with API changes (fixes #576) 2022-04-30 17:24:15 -04:00
Jay Berkenbilt
4f24617e1e Code clean up: use range-style for loops wherever possible
Where not possible, use "auto" to get the iterator type.

Editorial note: I have avoid this change for a long time because of
not wanting to make gratuitous changes to version history, which can
obscure when certain changes were made, but with having recently
touched every single file to apply automatic code formatting and with
making several broad changes to the API, I decided it was time to take
the plunge and get rid of the older (pre-C++11) verbose iterator
syntax. The new code is just easier to read and understand, and in
many cases, it will be more effecient as fewer temporary copies are
being made.

m-holger, if you're reading, you can see that I've finally come
around. :-)
2022-04-30 13:27:18 -04:00
Jay Berkenbilt
cdd0b4fb7d Use = default and = delete where possible in classes 2022-04-16 11:39:14 -04:00
Jay Berkenbilt
ba0ef7a124 Replace PointerHolder with std::shared_ptr in the rest of the code
Increase to POINTERHOLDER_TRANSITION=3

patrepl s/PointerHolder/std::shared_ptr/g **/*.cc **/*.hh
patrepl s/make_pointer_holder/std::make_shared/g **/*.cc
patrepl s/make_array_pointer_holder/QUtil::make_shared_array/g **/*.cc
patrepl s,qpdf/std::shared_ptr,qpdf/PointerHolder, **/*.cc **/*.hh
git restore include/qpdf/PointerHolder.hh
git restore libtests/pointer_holder.cc
cleanpatch
./format-code
2022-04-09 17:33:29 -04:00
Jay Berkenbilt
12f1eb15ca Programmatically apply new formatting to code
Run this:

for i in  **/*.cc **/*.c **/*.h **/*.hh; do
  clang-format < $i >| $i.new && mv $i.new $i
done
2022-04-04 08:10:40 -04:00
Jay Berkenbilt
70d0d0889b Remove old build files 2022-03-18 19:53:18 -04:00
Jay Berkenbilt
87db567e1f Convert oss-fuzz-build to use cmake 2022-03-18 19:53:18 -04:00
Jay Berkenbilt
b8aff90997 Add cmake configuration files 2022-03-18 19:53:18 -04:00
Jay Berkenbilt
c71e41e9d9 Change handling of qpdf fuzz corpus
Files are copied into the build area rather than left in the source
tree, and the test suite looks for them there. Also remove special
case around counting files in the qpdf corpus.
2022-03-18 19:53:18 -04:00
Jay Berkenbilt
104684fe3f No newline for fuzz sha 2022-03-05 08:15:50 -05:00
Jay Berkenbilt
cb769c62e5 WHITESPACE ONLY -- expand tabs in source code
This comment expands all tabs using an 8-character tab-width. You
should ignore this commit when using git blame or use git blame -w.

In the early days, I used to use tabs where possible for indentation,
since emacs did this automatically. In recent years, I have switched
to only using spaces, which means qpdf source code has been a mixture
of spaces and tabs. I have avoided cleaning this up because of not
wanting gratuitous whitespaces change to cloud the output of git
blame, but I changed my mind after discussing with users who view qpdf
source code in editors/IDEs that have other tab widths by default and
in light of the fact that I am planning to start applying automatic
code formatting soon.
2022-02-08 11:51:15 -05:00
Jay Berkenbilt
c62e8e2b28 Update for clean compile with POINTERHOLDER_TRANSITION=2 2022-02-07 17:38:22 -05:00
Jay Berkenbilt
9044a24097 PointerHolder: deprecate getPointer() and getRefcount()
Use get() and use_count() instead. Add #define
NO_POINTERHOLDER_DEPRECATION to remove deprecation markers for these
only.

This commit also removes all deprecated PointerHolder API calls from
qpdf's code except in PointerHolder's test suite, which must continue
to test the deprecated APIs.
2022-02-04 13:12:37 -05:00
Jay Berkenbilt
e4ef3d1540 Remove original qpdf fuzz seed corpus from tests
Since the introduction of fuzz testing, there has never been a problem
found because of a failure of a file in the fuzzer seed corpus. As the
fuzzer has found problems, they have been added to the test suite, and
that should be adequate to exercise the fuzzers in the tesing
environment as well as providing adequate regression testing.

Removing these original files shaves many minutes off the builds in CI.
2021-12-16 15:53:24 -05:00
Jay Berkenbilt
750aca5b94 First increment of improving handling of weak crypto (fixes #358) 2021-11-11 12:24:15 -05:00
Jay Berkenbilt
a84a0b2487 Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740) 2021-11-04 14:03:24 -04:00
Jay Berkenbilt
4a648b9a00 Fix bug in merging resources /DR from foreign AcroForm (fixes #548)
When making resources indirect in from_dr, the code was using the
wrong owning QPDF, forgetting that from_dr had already been copied
using CopyForeignObject.
2021-11-04 12:29:42 -04:00
Jay Berkenbilt
9fcf61b2f6 Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507) 2021-02-10 16:27:44 -05:00
Jay Berkenbilt
dc92574c10 Fix some pipelines to be safe if downstream write fails (fuzz issue 28262) 2021-01-04 15:17:35 -05:00
Jay Berkenbilt
3be58f49e5 Make more QPDFPageObjectHelper methods work with form XObject 2021-01-02 14:08:53 -05:00
Jay Berkenbilt
63ea46193d QPDFPageObjectHelper: getPageImages -> getImages 2021-01-02 11:33:36 -05:00