File r1949-Fix-CVE-2018-5783-by-introducing-singleto... of Package podofo.10471

Overview Repositories Revisions Requests Users Attributes Meta

File r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch of Package podofo.10471

------------------------------------------------------------------------
r1949 | mabri | 2018-11-13 23:53:01 +0100 (mar 13 de nov de 2018) | 8 líneas

Fix CVE-2018-5783 by introducing singleton limit for indirect objects

The limit is the standard one of 8,388,607 but can be changed by
a newly introduced inline method (also a getter is provided).
This also introduced a new define PODOFO_SIZE_FORMAT for formatting
size_t values portably in printf()-like methods of PdfError etc.
Please also cf. issue #4 in the issue tracker.

Modified by Antonio Larrosa <alarrosa@suse.com> so the patch
doesn't break binary compatibility

Index: src/base/PdfCompilerCompat.h
===================================================================
--- src/base/PdfCompilerCompat.h	(revisión: 1948)
+++ src/base/PdfCompilerCompat.h	(revisión: 1949)
@@ -184,9 +184,11 @@
 #if defined(_MSC_VER)
 #  define PDF_FORMAT_INT64 "I64d"
 #  define PDF_FORMAT_UINT64 "I64u"
+#  define PDF_SIZE_FORMAT "Iu"
# #elif defined(SZ_INT64) && defined(SZ_LONG) && SZ_INT64 == SZ_LONG
# #  define PDF_FORMAT_INT64 "ld"
# #  define PDF_FORMAT_UINT64 "lu"
#+#  define PDF_SIZE_FORMAT "zu"
 #else
 #  define PDF_FORMAT_INT64 "lld"
 #  define PDF_FORMAT_UINT64 "llu"
+#  define PDF_SIZE_FORMAT "zu"
 #endif
 
 
Index: src/base/PdfVecObjects.h
===================================================================
--- src/base/PdfVecObjects.h	(revisión: 1948)
+++ src/base/PdfVecObjects.h	(revisión: 1949)
@@ -496,7 +496,16 @@
 // -----------------------------------------------------
 inline void PdfVecObjects::Reserve( size_t size )
 {
-    m_vector.reserve( size );
+    if( size <= static_cast<size_t>(8388607) ) // Fix CVE-2018-5783
+    {
+        m_vector.reserve( size );
+    } 
+    else
+    {
+        PdfError::DebugMessage( "Call to PdfVecObjects::Reserve with %"
+                           PDF_SIZE_FORMAT" is over allowed limit of %"
+                           PDF_SIZE_FORMAT".\n", size, static_cast<size_t>(8388607));
+    }
 }
 
 // -----------------------------------------------------

------------------------------------------------------------------------

Places

File r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch of Package podofo.10471

Places