diff options
| -rw-r--r-- | fuzz/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | fuzz/qpdf_extra/65773.fuzz | 1 | ||||
| -rw-r--r-- | fuzz/qpdf_extra/65777.fuzz | bin | 0 -> 67 bytes | |||
| -rw-r--r-- | fuzz/qtest/fuzz.test | 2 | ||||
| -rw-r--r-- | libqpdf/QPDF.cc | 9 |
5 files changed, 9 insertions, 5 deletions
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt index df1fa807..e4a8cf36 100644 --- a/fuzz/CMakeLists.txt +++ b/fuzz/CMakeLists.txt @@ -111,6 +111,8 @@ set(CORPUS_OTHER 37740.fuzz 57639.fuzz 65681.fuzz + 65773.fuzz + 65777.fuzz ) set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus) diff --git a/fuzz/qpdf_extra/65773.fuzz b/fuzz/qpdf_extra/65773.fuzz new file mode 100644 index 00000000..2d0aabf5 --- /dev/null +++ b/fuzz/qpdf_extra/65773.fuzz @@ -0,0 +1 @@ +trailer<</Root<<[-2147483648 7 R 8 4 R]>>>>
\ No newline at end of file diff --git a/fuzz/qpdf_extra/65777.fuzz b/fuzz/qpdf_extra/65777.fuzz Binary files differnew file mode 100644 index 00000000..066c960b --- /dev/null +++ b/fuzz/qpdf_extra/65777.fuzz diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test index adce995c..7ca371fd 100644 --- a/fuzz/qtest/fuzz.test +++ b/fuzz/qtest/fuzz.test @@ -20,7 +20,7 @@ my @fuzzers = ( ['pngpredictor' => 1], ['runlength' => 6], ['tiffpredictor' => 1], - ['qpdf' => 54], # increment when adding new files + ['qpdf' => 56], # increment when adding new files ); my $n_tests = 0; diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc index 89d4a0a8..8cff3dfd 100644 --- a/libqpdf/QPDF.cc +++ b/libqpdf/QPDF.cc @@ -709,10 +709,11 @@ QPDF::read_xref(qpdf_offset_t xref_offset) // Make sure we keep only the highest generation for any object. QPDFObjGen last_og{-1, 0}; - for (auto const& og: m->xref_table) { - if (og.first.getObj() == last_og.getObj()) + for (auto const& item: m->xref_table) { + auto id = item.first.getObj(); + if (id == last_og.getObj() && id > 0) removeObject(last_og); - last_og = og.first; + last_og = item.first; } } @@ -2405,7 +2406,7 @@ QPDF::getCompressibleObjGens() while (!queue.empty()) { auto obj = queue.back(); queue.pop_back(); - if (obj.isIndirect()) { + if (obj.getObjectID() > 0) { QPDFObjGen og = obj.getObjGen(); const size_t id = toS(og.getObj() - 1); if (id >= max_obj) |