2
1
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-25 08:08:25 +00:00

2300 Commits

Author SHA1 Message Date
Jay Berkenbilt
b30deaeeab Avoid merging adjacent tokens when concatenating contents (fixes #444) 2020-10-23 08:00:04 -04:00
Jay Berkenbilt
0dea276997 Fix fix-qdf for empty streams 2020-10-23 06:39:42 -04:00
Jay Berkenbilt
802de87c30 Fix outdated comment in QPDFTokenizer.hh 2020-10-23 06:39:42 -04:00
Jay Berkenbilt
8a11feacc3 Avoid leak by resolving object streams more than once (fuzz issue 23642) 2020-10-22 15:39:36 -04:00
Jay Berkenbilt
30bb4c64ee Minor code cleanup
* Return rather than exiting from realmain in qpdf.cc
* Remove extraneous blank line
* Don't assign temporary to const reference
2020-10-22 15:39:36 -04:00
Jay Berkenbilt
232f5fc9f3 Handle jpeg library fuzz false positives
The jpeg library has some assembly code that is missed by the compiler
instrumentation used by memory sanitization. There is a runtime
environment variable that is used to work around this issue.
2020-10-22 06:31:52 -04:00
Jay Berkenbilt
c1684eae91 Check for overflow in page labels (fuzz issue 23599) 2020-10-22 05:49:24 -04:00
Jay Berkenbilt
7f4a4df919 Add range_check method to QIntC 2020-10-22 05:48:40 -04:00
Jay Berkenbilt
24196c08cb Fix loop detection error (fuzz issue 23172) 2020-10-22 05:48:35 -04:00
Jay Berkenbilt
6cc9489fd8 Update fuzz information 2020-10-22 05:11:36 -04:00
Jay Berkenbilt
956c8f6432 Obscure bug fix copying foreign streams in special cases (fixes #449)
Specifically, if a stream had its stream data replaced and had
indirect /Filter or /DecodeParms, it would result in non-silent loss
of data and/or internal error.
2020-10-21 19:23:23 -04:00
Jay Berkenbilt
ad96e1ad74 Restore accidentally removed lgtm banner 2020-10-21 17:19:57 -04:00
Jay Berkenbilt
725669f20e TODO: reminder to check work-related issues 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
395efdf8d7 Turn off azure pipelines, completing migration to GitHub Actions 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
98f6c00dad Protect numeric conversion against user's locale (fixes #459) 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
ef127001b3 Remove some fuzz files with Mal/PDFEx-H (fixes #460)
There isn't really an issue with these files causing a real problem,
but malware and virus checkers trip on them, and the value to leaving
them in the test suite is too low to be worth the hassle.
2020-10-21 14:44:20 -04:00
Jay Berkenbilt
35014727f7 Build on a schedule and use latest versions of runners 2020-10-21 14:20:11 -04:00
Jay Berkenbilt
deeface146 Add automated test for shell wildcard expansion
Wildcard expansion is different in Windows from non-Windows and
sometimes requires special link options to work. Add tests that fail
if we link incorrectly.
2020-10-21 14:15:31 -04:00
Jay Berkenbilt
cfafac8d13 Create a minimal Linux binary distribution (fixes #352)
This is suitable for use as a Lambda layer in AWS, inclusion in a
docker container, or other places where a minimal binary distribution
is desired.
2020-10-21 10:07:34 -04:00
Jay Berkenbilt
758e3e38f5 Add option --warning-exit-0 to exit 0 instead of 3 with warnings 2020-10-20 18:02:39 -04:00
Jay Berkenbilt
90217e6686 Fix another case of errors written to stdout (fixes #438) 2020-10-20 17:48:55 -04:00
Jay Berkenbilt
c60af08a31 Ignore some paths for triggering build in CI 2020-10-20 17:28:44 -04:00
Jay Berkenbilt
b868ea141d TODO: Build issues including Windows external libraries 2020-10-20 17:26:09 -04:00
Jay Berkenbilt
56d96e2260 Add --disable-rpath to configure (fixes #422) 2020-10-20 17:18:20 -04:00
Jay Berkenbilt
bed165c9fc Stop using InputSource::unreadCh 2020-10-18 07:43:05 -04:00
Jay Berkenbilt
1a888ee3b1 TODO 2020-10-16 20:25:12 -04:00
Jay Berkenbilt
a3677ffe91 TODO and ChangeLog updates from merged pull requests 2020-10-16 20:15:14 -04:00
Dean Scarff
153060a0c5 Check integer overflow in resolveObjectsInStream
Fixes a crash found by fuzzing.
2020-10-16 20:09:24 -04:00
Dean Scarff
9a3791c53b Properly detect OPENSSL_IS_BORINGSSL
OPENSSL_IS_BORINGSSL is not actually set by configure, so it will be
undefined until a BoringSSL header is included.  Hence the #ifdef logic
in QPDFCrypto_openssl.h would usually never apply.

This still worked because evp.h transitively included BoringSSL's
cipher.h and digest.h, but the latter are the correct (documented)
headers.

By re-ordering the includes, we can ensure the macro is defined when we
use it.

Also: fix case in the header guards.
2020-10-16 20:04:36 -04:00
Dean Scarff
a99ad2b900 Update OpenSSL autoconf checks
- Checks explicitly for versions >= 1.1.0 with pkg-config
- Refactor the fallback checks.  Previously they were copied
from the gnutls logic, but could be slightly surprising (it's not
obvious that they're for the case where pkg-config returns a false
negative, and it's weird that the linker check overode the header check)
- Fix the AC_SEARCH_LIBS check to try -lcrypto instead of -lopenssl
(-lcrypto is the standard library OpenSSL ships the crypto symbols in).
- Fix the AC_SEARCH_LIBS check to look for EVP_MD_CTX_new, which is not
present in versions prior to 1.1.0.

Fixes qpdf/qpdf#429 (although I haven't verified on cygwin)
2020-10-16 20:04:36 -04:00
Dean Scarff
2ff84aa2c9 Include detailed OpenSSL error messages
Fixes qpdf/qpdf#450
2020-10-16 19:58:11 -04:00
James R. Barlow
3fc7c99d02 Replace memchr with manual memory search
On large files with predominantly \n line endings, memchr(..'\r'..)
seems to waste a considerable amount of time searching for a line
ending candidate that we don't need.

On the Adobe PDF Reference Manual 1.7, this commit is 8x faster at
QPDF::processMemoryFile().
2020-10-16 19:57:29 -04:00
oltolm
3221022fc9 fix WindowsCryptProvider fixes #432 2020-10-16 19:56:33 -04:00
Jay Berkenbilt
32245ca339 Trigger QPDF Build on build/* 2020-10-16 18:07:23 -04:00
Jay Berkenbilt
894d1c650c Minor notes on GitHub Actions migration 2020-10-16 17:52:43 -04:00
Jay Berkenbilt
92635d1203 Add GitHub Actions workflow 2020-10-16 17:34:21 -04:00
Jay Berkenbilt
1019ed5758 Fix to TestDriver.pm (qtest) 2020-10-16 17:15:39 -04:00
Jay Berkenbilt
18b34a5649 InputSource::unreadCh -- only unread most recently read character
This is all that ever worked. The test suite was trying to do
something different from ClosedFileInputSource.
2020-10-16 17:15:39 -04:00
Jay Berkenbilt
9a4d3534a1 Split distfiles into a separate job 2020-10-16 14:16:26 -04:00
Jay Berkenbilt
ba17370ff5 Make build-scripts portable for GitHub Actions 2020-10-16 14:16:26 -04:00
Jay Berkenbilt
30df7c886c Make QTEST_COLOR=1 force qtest to print in color 2020-10-16 14:16:23 -04:00
Jay Berkenbilt
1bcd8c1649 Rename azure-pipelines to build-scripts 2020-10-16 11:19:09 -04:00
Jay Berkenbilt
807aaa46b1 More reliable Windows wordsize detection 2020-10-16 07:02:25 -04:00
Jay Berkenbilt
ff65e272a8 Fix printf formatting for newer msvc
Use autoconf rather than ifdefs to determine what format string to use
for long long.
2020-10-16 07:02:23 -04:00
Jay Berkenbilt
be21ede7ba Rename github workflow main.yml to cifuzz.yml
Preparing to migrate qpdf's main build/CI to GitHub actions
2020-10-15 15:55:45 -04:00
Jay Berkenbilt
2a74062248 Azure pipelines: fix test-sanitizers job 2020-10-15 15:55:24 -04:00
Jay Berkenbilt
07909a62ed TODO: remove previously completed item 2020-10-15 15:27:49 -04:00
Jay Berkenbilt
7fbadba6cd Remove support for Travis CI
It is redundant with qpdf's main CI environment, which is Azure
Pipelines, but may soon be migrated to GitHub Actions.
2020-10-15 15:18:43 -04:00
Jay Berkenbilt
bbd45cd01c Clarify qpdf's exit statuses in the documentation 2020-10-15 15:03:14 -04:00
Jay Berkenbilt
8f1db4dcf2 Fix doc typo (--encryption-file-password) (fixes #468) 2020-10-15 14:54:34 -04:00