Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
podofo
r1849-Fix-CVE-2017-7994-NULL-dereference.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File r1849-Fix-CVE-2017-7994-NULL-dereference.patch of Package podofo
------------------------------------------------------------------------ r1849 | aja_ | 2017-05-08 19:00:13 +0200 (lun, 08 may 2017) | 2 lines Fix CVE-2017-7994: NULL dereference in TextExtractor::ExtractText() Index: tools/podofotxtextract/TextExtractor.cpp =================================================================== --- tools/podofotxtextract/TextExtractor.cpp (revision 1848) +++ tools/podofotxtextract/TextExtractor.cpp (revision 1849) @@ -72,10 +72,21 @@ if( strcmp( pszToken, "l" ) == 0 || strcmp( pszToken, "m" ) == 0 ) { - dCurPosX = stack.top().GetReal(); - stack.pop(); - dCurPosY = stack.top().GetReal(); - stack.pop(); + if( stack.size() == 2 ) + { + dCurPosX = stack.top().GetReal(); + stack.pop(); + dCurPosY = stack.top().GetReal(); + stack.pop(); + } + else + { + fprintf( stderr, "WARNING: Token '%s' expects two arguments, but %" PDF_FORMAT_INT64 " given; ignoring\n", + pszToken, static_cast<pdf_int64>( stack.size() ) ); + + while( !stack.empty() ) + stack.pop(); + } } else if( strcmp( pszToken, "BT" ) == 0 ) { @@ -93,6 +104,13 @@ { if( strcmp( pszToken, "Tf" ) == 0 ) { + if( stack.size() < 2 ) + { + fprintf( stderr, "WARNING: Expects two arguments for 'Tf', ignoring\n" ); + pCurFont = NULL; + continue; + } + dCurFontSize = stack.top().GetReal(); stack.pop(); PdfName fontName = stack.top().GetName(); # PdfObject* pFont = pPage->GetFromResources( PdfName("Font"), fontName ); @@ -102,21 +120,37 @@ } pCurFont = pDocument->GetFont( pFont ); - if( !pCurFont ) + if( !pCurFont ) { - fprintf( stderr, "WARNING: Unable to create font for object %i %i R\n", - pFont->Reference().ObjectNumber(), - pFont->Reference().GenerationNumber() ); + fprintf( stderr, "WARNING: Unable to create font for object %" PDF_FORMAT_INT64 " %" PDF_FORMAT_INT64 " R\n", + static_cast<pdf_int64>( pFont->Reference().ObjectNumber() ), + static_cast<pdf_int64>( pFont->Reference().GenerationNumber() ) ); } } else if( strcmp( pszToken, "Tj" ) == 0 || strcmp( pszToken, "'" ) == 0 ) { + if( stack.size() < 1 ) + { + fprintf( stderr, "WARNING: Expects one argument for '%s', ignoring\n", pszToken ); + continue; + } + AddTextElement( dCurPosX, dCurPosY, pCurFont, stack.top().GetString() ); stack.pop(); } else if( strcmp( pszToken, "\"" ) == 0 ) { + if( stack.size() < 3 ) + { + fprintf( stderr, "WARNING: Expects three arguments for '%s', ignoring\n", pszToken ); + + while( !stack.empty() ) + stack.pop(); + + continue; + } + AddTextElement( dCurPosX, dCurPosY, pCurFont, stack.top().GetString() ); stack.pop(); stack.pop(); // remove char spacing from stack @@ -124,6 +158,12 @@ } else if( strcmp( pszToken, "TJ" ) == 0 ) { + if( stack.size() < 3 ) + { + fprintf( stderr, "WARNING: Expects one argument for '%s', ignoring\n", pszToken ); + continue; + } + PdfArray array = stack.top().GetArray(); stack.pop(); ------------------------------------------------------------------------
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
