From a84a0b248768dcbab7fc007bb22a258cac9e4131 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Thu, 4 Nov 2021 13:52:47 -0400
Subject: Add range check in QPDFNumberTreeObjectHelper (fuzz issue 37740)

---
 libqpdf/QPDFNumberTreeObjectHelper.cc | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libqpdf')

diff --git a/libqpdf/QPDFNumberTreeObjectHelper.cc b/libqpdf/QPDFNumberTreeObjectHelper.cc
index be2f2f16..7f510497 100644
--- a/libqpdf/QPDFNumberTreeObjectHelper.cc
+++ b/libqpdf/QPDFNumberTreeObjectHelper.cc
@@ -1,5 +1,6 @@
 #include <qpdf/QPDFNumberTreeObjectHelper.hh>
 #include <qpdf/NNTree.hh>
+#include <qpdf/QIntC.hh>
 
 class NumberTreeDetails: public NNTreeDetails
 {
@@ -235,6 +236,7 @@ QPDFNumberTreeObjectHelper::findObjectAtOrBelow(
         return false;
     }
     oh = i->second;
+    QIntC::range_check_substract(idx, i->first);
     offset = idx - i->first;
     return true;
 }
-- 
cgit v1.2.3-54-g00ecf