From 6bc4cc3d48dd2216c9415215967e46d429b7f6b1 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt
Date: Sun, 25 Aug 2019 21:23:19 -0400
Subject: Fix fuzz issue 15475
---
libqpdf/Pl_LZWDecoder.cc | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'libqpdf/Pl_LZWDecoder.cc')
diff --git a/libqpdf/Pl_LZWDecoder.cc b/libqpdf/Pl_LZWDecoder.cc
index 6cc87048..81069da6 100644
--- a/libqpdf/Pl_LZWDecoder.cc
+++ b/libqpdf/Pl_LZWDecoder.cc
@@ -107,7 +107,7 @@ Pl_LZWDecoder::getFirstChar(unsigned int code)
 unsigned int idx = code - 258;
 if (idx >= table.size())
 {
- throw std::logic_error(
+ throw std::runtime_error(
 "Pl_LZWDecoder::getFirstChar: table overflow");
 }
 Buffer& b = table.at(idx);
@@ -115,7 +115,7 @@ Pl_LZWDecoder::getFirstChar(unsigned int code)
 }
 else
 {
- throw std::logic_error(
+ throw std::runtime_error(
 "Pl_LZWDecoder::getFirstChar called with invalid code (" +
 QUtil::int_to_string(code) + ")");
 }
@@ -140,7 +140,7 @@ Pl_LZWDecoder::addToTable(unsigned char next)
 unsigned int idx = this->last_code - 258;
 if (idx >= table.size())
 {
- throw std::logic_error(
+ throw std::runtime_error(
 "Pl_LZWDecoder::addToTable: table overflow");
 }
 Buffer& b = table.at(idx);
@@ -149,7 +149,7 @@ Pl_LZWDecoder::addToTable(unsigned char next)
 }
 else
 {
- throw std::logic_error(
+ throw std::runtime_error(
 "Pl_LZWDecoder::addToTable called with invalid code (" +
 QUtil::int_to_string(this->last_code) + ")");
 }
@@ -239,7 +239,13 @@ Pl_LZWDecoder::handleCode(unsigned int code)
 }
 else
 {
- Buffer& b = table.at(code - 258);
+ unsigned int idx = code - 258;
+ if (idx >= table.size())
+ {
+ throw std::runtime_error(
+ "Pl_LZWDecoder::handleCode: table overflow");
+ }
+ Buffer& b = table.at(idx);
 getNext()->write(b.getBuffer(), b.getSize());
 }
 }
-- cgit v1.2.3-54-g00ecf
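Review bot: The four `throw std::runtime_error(` sites (this hunk at -107 in getFirstChar, and the hunks at -115, -140 and -149) carry no comment recording that these branches are reachable from stream data, so a later cleanup could plausibly turn them back into `std::logic_error` as can't-happen checks. A one-line comment above the first throw in each function would keep the reason next to the code, for example `// Reachable with malformed LZW data: a data error, not an internal bug.` The wording "table overflow" is also slightly misleading for triage, since `idx >= table.size()` means the code points past the current table rather than that the table is full; that text predates this commit. Both getFirstChar and addToTable begin and end outside these hunks, so how callers treat the two exception types is not visible here.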
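Review bot: The guard added in the handleCode hunk (-239), `unsigned int idx = code - 258;` followed by `if (idx >= table.size())`, is the third hand-written copy of the same check after getFirstChar and addToTable, and the site fixed here is the one copy that had been left out. Routing all three lookups through one accessor would make it impossible to reach `table` by code without the range test; a sketch follows, and it would also need a private declaration in the class header, which is not part of this diff. The unsigned subtraction is safe as written because a `code` below 258 wraps to a large `idx` that the comparison rejects, but that only holds while the check stays attached to every subtraction. The diffstat lists this file only, so the input behind the fuzz issue is presumably not added as a regression case in this commit. handleCode's body starts outside the hunk.

```cpp
// Single place that maps an LZW code (>= 258) to its table entry.
Buffer&
Pl_LZWDecoder::getTableEntry(unsigned int code, char const* caller)
{
    // A code below 258 wraps to a large idx and is rejected below.
    unsigned int idx = code - 258;
    if (idx >= table.size())
    {
        throw std::runtime_error(
            std::string("Pl_LZWDecoder::") + caller + ": table overflow");
    }
    return table.at(idx);
}

// … unchanged: handleCode up to the final else branch …
        Buffer& b = getTableEntry(code, "handleCode");
        getNext()->write(b.getBuffer(), b.getSize());
```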