File podofo_security-fixes-handling-of-invalid-XRef-stream-entries.patch of Package podofo.34526
commit 535a786f124b739e3c857529cecc29e4eeb79778
Author: Francesco Pretto <ceztko@gmail.com>
Date: Fri Apr 21 16:54:24 2023 +0200
PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries
Should fix #69
--- src/base/PdfXRefStreamParserObject.cpp
+++ src/base/PdfXRefStreamParserObject.cpp
@@ -27,6 +27,7 @@
#include <limits>
+using namespace std;
namespace PoDoFo {
PdfXRefStreamParserObject::PdfXRefStreamParserObject(PdfVecObjects* pCreator, const PdfRefCountedInputDevice & rDevice,
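Review bot: The added `using namespace std;` at file scope is not needed by anything visible in this patch, and the surrounding code keeps writing `std::vector` in full. If a later line does need it, qualifying that one name with `std::` keeps lookup in this parser file narrow and avoids accidental clashes with PoDoFo's own identifiers.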
@@ -134,7 +135,7 @@
std::vector<pdf_int64>::const_iterator it = rvecIndeces.begin();
- char* const pStart = pBuffer;
+ size_t offset = 0;
while( it != rvecIndeces.end() )
{
pdf_int64 nFirstObj = *it; ++it;
@@ -148,7 +149,7 @@
//printf("nCount=%i\n", static_cast<int>(nCount));
while( nCount > 0 )
{
- if( (pBuffer - pStart) >= lBufferLen )
+ if ((offset + nCount * entryLen) > lBufferLen )
{
PODOFO_RAISE_ERROR_INFO( ePdfError_NoXRef, "Invalid count in XRef stream" );
}
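Review bot: The new bound `offset + nCount * entryLen` multiplies a count read from the file before anything limits it, so a very large index count can overflow or wrap the product and slip past the comparison with `lBufferLen`. `nCount` appears to come from `rvecIndeces` as a `pdf_int64`; the declarations of `entryLen` and `lBufferLen` are outside the hunk, so the exact signed/unsigned mix should be confirmed. Comparing by division avoids the overflow: `if (nCount > (lBufferLen - offset) / entryLen)`, with both sides converted to one unsigned 64-bit type and with `entryLen != 0` and `offset <= lBufferLen` established first. The sum is the same on every pass of the inner loop, so the check can sit once before `while( nCount > 0 )`.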
@@ -163,14 +164,12 @@
}
nFirstObj++ ;
- pBuffer += entryLen;
+ offset += entryLen;
--nCount;
}
//printf("Exp: nFirstObj=%i nFirstObjOrg + nCount=%i\n", nFirstObj - 1, nFirstObjOrg + nCountOrg - 1 );
//printf("===\n");
}
- podofo_free( pStart );
-
}
void PdfXRefStreamParserObject::GetIndeces( std::vector<pdf_int64> & rvecIndeces, pdf_int64 size )
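Review bot: `pBuffer` no longer advances here, and in the visible hunks `offset` is used only by the bounds check. If the entry-reading call between this hunk and the previous one still receives `pBuffer`, every entry is parsed from the first bytes of the stream; it should be given `pBuffer + offset` and the remaining length `lBufferLen - offset`. The hunk also drops `podofo_free( pStart );` and shows no replacement owner, so unless the buffer's ownership changed outside these hunks, the decoded stream copy leaks on every parse. Because `pBuffer` now stays at the start of the allocation, `podofo_free( pBuffer );` before the closing brace would restore the release. A scoped owner would additionally cover the `PODOFO_RAISE_ERROR_INFO` exit path.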