2
1
mirror of https://github.com/qpdf/qpdf.git synced 2025-01-03 15:17:29 +00:00
Commit Graph

1869 Commits

Author SHA1 Message Date
Jay Berkenbilt
6971f78ff6 Fix stack overflow on direct root (fuzz issue 26761) 2020-10-31 13:10:39 -04:00
Jay Berkenbilt
ffe6af6f77 Add comments explaining the foreign object copying code
These are the comments I would have liked to have been able to read
while fixing #449 and #478.
2020-10-31 12:14:26 -04:00
Jay Berkenbilt
96767fb104 Fix foreign stream copying bug (fixes #478)
This reverts an incorrect fix to #449 and codes it properly. The real
problem was that we were looking at the local dictionaries rather than
the foreign dictionaries when saving the foreign stream data. In the
case of direct objects, these happened to be the same, but in the case
of indirect objects, the object references could be pointing anywhere
since object numbers don't match up between the old and new files.
2020-10-31 12:14:26 -04:00
Jay Berkenbilt
f1ae55a430 Better indirect filter test case
The test suite now contains test cases that fail with both 10.0.1 and
10.0.2 and reproduce the internal error from #449.
2020-10-31 09:02:30 -04:00
Jay Berkenbilt
c5602e931a Run CI Fuzz integration on push as well as pull request 2020-10-27 18:07:56 -04:00
Jay Berkenbilt
54759cbf63 Remove C++-11 notes from TODO 2020-10-27 18:07:07 -04:00
Jay Berkenbilt
24f62e38a7 Fix a few maintainer notes 2020-10-27 18:06:13 -04:00
Jay Berkenbilt
da7540794a Prepare 10.0.2 release 2020-10-27 11:57:48 -04:00
Jay Berkenbilt
09bd1fafb1 Improve efficiency of number to string conversion 2020-10-27 11:57:48 -04:00
Jay Berkenbilt
bcea54fcaa Revert removal of unreadCh change for performance
Turns out unreadCh is much more efficient than seek(-1, SEEK_CUR).
Update comments and code to reflect this.
2020-10-27 11:57:48 -04:00
Jay Berkenbilt
81d2c548dc Spell check 2020-10-26 19:42:46 -04:00
Jay Berkenbilt
db08974e88 Release notes for 10.0.2 2020-10-26 19:39:36 -04:00
Jay Berkenbilt
bc9c80dbe0 Add some missing ChangeLog entries 2020-10-26 11:51:33 -04:00
Jay Berkenbilt
7120c4a748 Use sha256 for signing release files 2020-10-25 18:06:40 -04:00
Jay Berkenbilt
4e8d21d849 Build Windows releases with openssl; automate external libraries
External libraries for Windows are now built automatically in the
qpdf/external-libs repository and include openssl in addition to zlib
and jpeg. Use these, and update the Windows build to build with the
openssl crypto provider by default. We leave the native crypto
provider enabled in case there is a problem with openssl and also to
continue to exercise that code.
2020-10-25 18:06:16 -04:00
Jay Berkenbilt
026330ebcd Make libtests depend on qpdf
We need to run qpdf --show-crypto.
2020-10-24 19:16:46 -04:00
Jay Berkenbilt
fd13fe74ef TODO and comments item for pipeContentStreams 2020-10-23 16:53:58 -04:00
Jay Berkenbilt
f8e4b6161c With --no-warn, suppress warnings in split-pages
Warnings issued on the output QPDF object were not suppressing
warnings since that option was only set on the input QPDF object.
2020-10-23 16:27:51 -04:00
Jay Berkenbilt
e3248a8cd1 Update fuzz issue list 2020-10-23 11:08:44 -04:00
Jay Berkenbilt
b30deaeeab Avoid merging adjacent tokens when concatenating contents (fixes #444) 2020-10-23 08:00:04 -04:00
Jay Berkenbilt
0dea276997 Fix fix-qdf for empty streams 2020-10-23 06:39:42 -04:00
Jay Berkenbilt
802de87c30 Fix outdated comment in QPDFTokenizer.hh 2020-10-23 06:39:42 -04:00
Jay Berkenbilt
8a11feacc3 Avoid leak by resolving object streams more than once (fuzz issue 23642) 2020-10-22 15:39:36 -04:00
Jay Berkenbilt
30bb4c64ee Minor code cleanup
* Return rather than exiting from realmain in qpdf.cc
* Remove extraneous blank line
* Don't assign temporary to const reference
2020-10-22 15:39:36 -04:00
Jay Berkenbilt
232f5fc9f3 Handle jpeg library fuzz false positives
The jpeg library has some assembly code that is missed by the compiler
instrumentation used by memory sanitization. There is a runtime
environment variable that is used to work around this issue.
2020-10-22 06:31:52 -04:00
Jay Berkenbilt
c1684eae91 Check for overflow in page labels (fuzz issue 23599) 2020-10-22 05:49:24 -04:00
Jay Berkenbilt
7f4a4df919 Add range_check method to QIntC 2020-10-22 05:48:40 -04:00
Jay Berkenbilt
24196c08cb Fix loop detection error (fuzz issue 23172) 2020-10-22 05:48:35 -04:00
Jay Berkenbilt
6cc9489fd8 Update fuzz information 2020-10-22 05:11:36 -04:00
Jay Berkenbilt
956c8f6432 Obscure bug fix copying foreign streams in special cases (fixes #449)
Specifically, if a stream had its stream data replaced and had
indirect /Filter or /DecodeParms, it would result in non-silent loss
of data and/or internal error.
2020-10-21 19:23:23 -04:00
Jay Berkenbilt
ad96e1ad74 Restore accidentally removed lgtm banner 2020-10-21 17:19:57 -04:00
Jay Berkenbilt
725669f20e TODO: reminder to check work-related issues 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
395efdf8d7 Turn off azure pipelines, completing migration to GitHub Actions 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
98f6c00dad Protect numeric conversion against user's locale (fixes #459) 2020-10-21 16:42:51 -04:00
Jay Berkenbilt
ef127001b3 Remove some fuzz files with Mal/PDFEx-H (fixes #460)
There isn't really an issue with these files causing a real problem,
but malware and virus checkers trip on them, and the value to leaving
them in the test suite is too low to be worth the hassle.
2020-10-21 14:44:20 -04:00
Jay Berkenbilt
35014727f7 Build on a schedule and use latest versions of runners 2020-10-21 14:20:11 -04:00
Jay Berkenbilt
deeface146 Add automated test for shell wildcard expansion
Wildcard expansion is different in Windows from non-Windows and
sometimes requires special link options to work. Add tests that fail
if we link incorrectly.
2020-10-21 14:15:31 -04:00
Jay Berkenbilt
cfafac8d13 Create a minimal Linux binary distribution (fixes #352)
This is suitable for use as a Lambda layer in AWS, inclusion in a
docker container, or other places where a minimal binary distribution
is desired.
2020-10-21 10:07:34 -04:00
Jay Berkenbilt
758e3e38f5 Add option --warning-exit-0 to exit 0 instead of 3 with warnings 2020-10-20 18:02:39 -04:00
Jay Berkenbilt
90217e6686 Fix another case of errors written to stdout (fixes #438) 2020-10-20 17:48:55 -04:00
Jay Berkenbilt
c60af08a31 Ignore some paths for triggering build in CI 2020-10-20 17:28:44 -04:00
Jay Berkenbilt
b868ea141d TODO: Build issues including Windows external libraries 2020-10-20 17:26:09 -04:00
Jay Berkenbilt
56d96e2260 Add --disable-rpath to configure (fixes #422) 2020-10-20 17:18:20 -04:00
Jay Berkenbilt
bed165c9fc Stop using InputSource::unreadCh 2020-10-18 07:43:05 -04:00
Jay Berkenbilt
1a888ee3b1 TODO 2020-10-16 20:25:12 -04:00
Jay Berkenbilt
a3677ffe91 TODO and ChangeLog updates from merged pull requests 2020-10-16 20:15:14 -04:00
Dean Scarff
153060a0c5 Check integer overflow in resolveObjectsInStream
Fixes a crash found by fuzzing.
2020-10-16 20:09:24 -04:00
Dean Scarff
9a3791c53b Properly detect OPENSSL_IS_BORINGSSL
OPENSSL_IS_BORINGSSL is not actually set by configure, so it will be
undefined until a BoringSSL header is included.  Hence the #ifdef logic
in QPDFCrypto_openssl.h would usually never apply.

This still worked because evp.h transitively included BoringSSL's
cipher.h and digest.h, but the latter are the correct (documented)
headers.

By re-ordering the includes, we can ensure the macro is defined when we
use it.

Also: fix case in the header guards.
2020-10-16 20:04:36 -04:00
Dean Scarff
a99ad2b900 Update OpenSSL autoconf checks
- Checks explicitly for versions >= 1.1.0 with pkg-config
- Refactor the fallback checks.  Previously they were copied
from the gnutls logic, but could be slightly surprising (it's not
obvious that they're for the case where pkg-config returns a false
negative, and it's weird that the linker check overode the header check)
- Fix the AC_SEARCH_LIBS check to try -lcrypto instead of -lopenssl
(-lcrypto is the standard library OpenSSL ships the crypto symbols in).
- Fix the AC_SEARCH_LIBS check to look for EVP_MD_CTX_new, which is not
present in versions prior to 1.1.0.

Fixes qpdf/qpdf#429 (although I haven't verified on cygwin)
2020-10-16 20:04:36 -04:00
Dean Scarff
2ff84aa2c9 Include detailed OpenSSL error messages
Fixes qpdf/qpdf#450
2020-10-16 19:58:11 -04:00