aboutsummaryrefslogtreecommitdiffstats
path: root/fuzz
AgeCommit message (Collapse)Author
2021-11-11First increment of improving handling of weak crypto (fixes #358)Jay Berkenbilt
2021-11-04Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740)Jay Berkenbilt
2021-11-04Fix bug in merging resources /DR from foreign AcroForm (fixes #548)Jay Berkenbilt
When making resources indirect in from_dr, the code was using the wrong owning QPDF, forgetting that from_dr had already been copied using CopyForeignObject.
2021-02-10Fix loop in QPDFOutlineDocumentHelper (fuzz issue 30507)Jay Berkenbilt
2021-01-04Fix some pipelines to be safe if downstream write fails (fuzz issue 28262)Jay Berkenbilt
2021-01-02Make more QPDFPageObjectHelper methods work with form XObjectJay Berkenbilt
2021-01-02QPDFPageObjectHelper: getPageImages -> getImagesJay Berkenbilt
2020-11-21Handle negative numbers in QIntC::range_check (fuzz issue 26994)Jay Berkenbilt
2020-11-11Treat direct page as runtime rather than logic error (fuzz issue 27393)Jay Berkenbilt
2020-10-31Fix stack overflow on direct root (fuzz issue 26761)Jay Berkenbilt
2020-10-22Avoid leak by resolving object streams more than once (fuzz issue 23642)Jay Berkenbilt
2020-10-22Handle jpeg library fuzz false positivesJay Berkenbilt
The jpeg library has some assembly code that is missed by the compiler instrumentation used by memory sanitization. There is a runtime environment variable that is used to work around this issue.
2020-10-22Check for overflow in page labels (fuzz issue 23599)Jay Berkenbilt
2020-10-22Fix loop detection error (fuzz issue 23172)Jay Berkenbilt
2020-10-21Remove some fuzz files with Mal/PDFEx-H (fixes #460)Jay Berkenbilt
There isn't really an issue with these files causing a real problem, but malware and virus checkers trip on them, and the value to leaving them in the test suite is too low to be worth the hassle.
2020-10-16Rename azure-pipelines to build-scriptsJay Berkenbilt
2019-11-09Explicitly use only native crypto for oss-fuzzJay Berkenbilt
I don't need qpdf's fuzz to find leaks and invalid memory in gnutls.
2019-11-04Fix two additional fuzz test casesJay Berkenbilt
2019-09-18Fix fuzz issue 16953 (overflow checking in xref stream index)Jay Berkenbilt
2019-08-29Don't encrypt trailer, fixes fuzz issue 15983Jay Berkenbilt
Ordinarily the trailer doesn't contain any strings, so this is usually a non-issue, but if the trailer contains strings, linearizing and encrypting with object streams would include encrypted strings in the trailer, which would blow out the padding because encrypted strings are longer than their cleartext counterparts.
2019-08-28Detect stream in object stream, fixing fuzz 16214Jay Berkenbilt
It's detected in QPDFWriter instead of at parse time because I can't figure out how to construct a test case in a reasonable time. This commit moves the fuzz file into the regular test suite for a QTC coverage case.
2019-08-28Safe pipeline pop fixed fuzz issue 15445Jay Berkenbilt
2019-08-28Fix fuzz issues 15316 and 15390Jay Berkenbilt
2019-08-27Fix fuzz issue 16172 (overflow checking in OffsetInputSource)Jay Berkenbilt
2019-08-27Fix fuzz issue 15442 (overflow checking in BufferInputSource)Jay Berkenbilt
2019-08-27Fix fuzz issue 15387 (overflow checking xref size)Jay Berkenbilt
2019-08-26Fix fuzz issue 15475Jay Berkenbilt
2019-08-26Fix fuzz issue 16301Jay Berkenbilt
2019-08-26Move qpdf_fuzzer tests to the endJay Berkenbilt
This makes it faster to iterate on the other ones.
2019-08-26Fuzz build: allow easy addition of test filesJay Berkenbilt
2019-07-04Change list to vector for outline helpers (fixes #297)Thorsten Schöning
This change works around STL problems with Embarcadero C++ Builder version 10.2, but std::vector is more common than std::list in qpdf, and this is a relatively new API, so an API change is tolerable. Thanks to Thorsten Schöning <6223655+ams-tschoening@users.noreply.github.com> for the fix.
2019-06-23Add fuzzers to exercise specific pipeline classesJay Berkenbilt
2019-06-22Add QUtil::read_file_into_memoryJay Berkenbilt
This code was essentially duplicated between test_driver and standalone_fuzz_target_runner.
2019-06-21Update qpdf_fuzzer to increase coverageJay Berkenbilt
2019-06-21Clean up fuzzer installation and add test filesJay Berkenbilt
* Create the seed corpus in the build directory * Don't assume all fuzzers share an options file
2019-06-21Re-enable fuzzer testing in WindowsJay Berkenbilt
2019-06-21Fix sign and conversion warnings (major)Jay Berkenbilt
This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition.
2019-06-18Remove qpdf_read_memory_fuzzerJay Berkenbilt
2019-06-15As a test suite, run stand-alone fuzzer on seed corpusJay Berkenbilt
Temporarily skip fuzz tests on Windows. There are Windows-specific failures to address later.
2019-06-15Populate seed corpusJay Berkenbilt
2019-06-15Add corpus from previous fuzzerJay Berkenbilt
This is the set of files from the latest corpus of running the older fuzzer (qpdf_read_memory_fuzzer) at the time of adding the new fuzzer (qpdf_fuzzer) after running a merge operation to minimize the corpus.
2019-06-15Implement fuzzer with good coverageJay Berkenbilt
2019-06-14oss-fuzz-build: support branch switchingJay Berkenbilt
2019-06-13oss-fuzz initial integrationJay Berkenbilt