| | | |
|---|---|---|
| author | Jay Berkenbilt <ejb@ql.org> | 2020-10-22 11:45:01 +0200 |
| committer | Jay Berkenbilt <ejb@ql.org> | 2020-10-22 11:49:24 +0200 |
| commit | c1684eae9144129027642f5069a0fd97f0559ec8 | |
| tree | 9c899a6fa273f6a78ecd8b957d7c34c66f70f857 | |
| parent | 7f4a4df919f0b305ba7d3b63ed722ab38e3eb2d5 | |
| download | qpdf-c1684eae9144129027642f5069a0fd97f0559ec8.tar.zst | |

Check for overflow in page labels (fuzz issue 23599)

| | | |
|---|---|---|
| -rw-r--r-- | TODO | 1 |
| -rw-r--r-- | fuzz/qpdf_extra/23599.fuzz | bin 0 -> 369 bytes |
| -rw-r--r-- | libqpdf/QPDFPageLabelDocumentHelper.cc | 1 |

3 files changed, 1 insertions, 1 deletions

@@ -65,7 +65,6 @@ Fuzz Errors * https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=<N> * New: - * 23599: integer overflow: https://oss-fuzz.com/testcase?key=6290807920525312 * 23642: leak: https://oss-fuzz.com/testcase-detail/4906569690251264 * Ignoring these: diff --git a/fuzz/qpdf_extra/23599.fuzz b/fuzz/qpdf_extra/23599.fuzz Binary files differnew file mode 100644 index 00000000..cd290b1a --- /dev/null +++ b/fuzz/qpdf_extra/23599.fuzz diff --git a/libqpdf/QPDFPageLabelDocumentHelper.cc b/libqpdf/QPDFPageLabelDocumentHelper.cc index a650fa9c..4be9073f 100644 --- a/libqpdf/QPDFPageLabelDocumentHelper.cc +++ b/libqpdf/QPDFPageLabelDocumentHelper.cc @@ -53,6 +53,7 @@ QPDFPageLabelDocumentHelper::getLabelForPage(long long page_idx) { start = St.getIntValue(); } + QIntC::range_check(start, offset); start += offset; result = QPDFObjectHandle::newDictionary(); result.replaceOrRemoveKey("/S", S); |
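
Review bot: the new `QIntC::range_check(start, offset);` line in `getLabelForPage`, directly above `start += offset;`, carries no comment saying why it is there or what a caller sees when it fails. `start` is read from the file through `St.getIntValue()`, so it is untrusted input; a one-line comment stating that and pointing at fuzz issue 23599 would keep the check from being dropped later as apparently redundant. The hunk also does not show how `offset` is computed. If it is derived from `page_idx` by arithmetic, that expression deserves the same guard, and the failure behaviour of `getLabelForPage` on an out-of-range value should be documented for callers.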