From 6e3b7982dbcf8087374694253e0e248fbc6c6e3e Mon Sep 17 00:00:00 2001
From: m-holger
Date: Wed, 17 Jan 2024 10:39:06 +0000
Subject: Fix incorrect handling of invalid negative object ids

Fix two errors introduced in #1110 and #1112.

Since #1110, encountering the invalid indirect reference #1110 -2147483648 n R produces an integer underflow which, if undetected, immediately trigger a logic error.

Since #1112, object -1 0 R may be incorrectly identified as an earlier generation of itself and deleted, invalidating a live iterator.
---
 fuzz/CMakeLists.txt | 2 ++
 fuzz/qpdf_extra/65773.fuzz | 1 +
 fuzz/qpdf_extra/65777.fuzz | Bin 0 -> 67 bytes
 fuzz/qtest/fuzz.test | 2 +-
 4 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 fuzz/qpdf_extra/65773.fuzz
 create mode 100644 fuzz/qpdf_extra/65777.fuzz
(limited to 'fuzz')

diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index df1fa807..e4a8cf36 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -111,6 +111,8 @@ set(CORPUS_OTHER
 37740.fuzz
 57639.fuzz
 65681.fuzz
+ 65773.fuzz
+ 65777.fuzz
 )
 set(CORPUS_DIR ${CMAKE_CURRENT_BINARY_DIR}/qpdf_corpus)
diff --git a/fuzz/qpdf_extra/65773.fuzz b/fuzz/qpdf_extra/65773.fuzz
new file mode 100644
index 00000000..2d0aabf5
--- /dev/null
+++ b/fuzz/qpdf_extra/65773.fuzz
@@ -0,0 +1 @@
+trailer<>>>
\ No newline at end of file
diff --git a/fuzz/qpdf_extra/65777.fuzz b/fuzz/qpdf_extra/65777.fuzz
new file mode 100644
index 00000000..066c960b
Binary files /dev/null and b/fuzz/qpdf_extra/65777.fuzz differ
diff --git a/fuzz/qtest/fuzz.test b/fuzz/qtest/fuzz.test
index adce995c..7ca371fd 100644
--- a/fuzz/qtest/fuzz.test
+++ b/fuzz/qtest/fuzz.test
@@ -20,7 +20,7 @@ my @fuzzers = (
 ['pngpredictor' => 1],
 ['runlength' => 6],
 ['tiffpredictor' => 1],
- ['qpdf' => 54], # increment when adding new files
+ ['qpdf' => 56], # increment when adding new files
 );
 
 my $n_tests = 0;
-- 
cgit v1.2.3-54-g00ecf
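Review bot: The two new entries in the `set(CORPUS_OTHER …)` hunk carry no hint of which regression each one reproduces, and because this view is limited to `fuzz/` the library-side fix for the `-2147483648 n R` underflow and the `-1 0 R` self-deletion cannot be reviewed here, so the corpus files are the only in-tree link back to the bugs. A one-line CMake comment on each entry, e.g. `65773.fuzz # regression for negative object ids (#1110/#1112, commit 6e3b798)`, would keep the fixture tied to the defect it guards. The per-file mapping is not recoverable from the diff — the printable content of 65773.fuzz is just `trailer<>>>` and 65777.fuzz is binary — so confirm which file exercises which path before annotating. The `['qpdf' => 56]` bump in fuzz.test is consistent with the two files added.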