File r1851-Fix-for-CVE-2017-8787-Read-out-of-buffer-size.patch of Package podofo.34526

------------------------------------------------------------------------
r1851 | aja_ | 2017-06-04 14:15:23 +0200 (dom, 04 jun 2017) | 2 lines

Fix for CVE-2017-8787 - Read out of buffer size in PdfXRefStreamParserObject::ReadXRefStreamEntry()


Index: src/base/PdfXRefStreamParserObject.cpp
===================================================================
--- src/base/PdfXRefStreamParserObject.cpp	(revision 1850)
+++ src/base/PdfXRefStreamParserObject.cpp	(revision 1851)
@@ -124,6 +124,11 @@
     pdf_long     lBufferLen;
     const size_t entryLen  = static_cast<size_t>(nW[0] + nW[1] + nW[2]);
 
+    if( nW[0] + nW[1] + nW[2] < 0 )
+    {
+        PODOFO_RAISE_ERROR_INFO( ePdfError_NoXRef, "Invalid entry length in XRef stream" );
+    }
+
     this->GetStream()->GetFilteredCopy( &pBuffer, &lBufferLen );
 
     

------------------------------------------------------------------------

Places

File r1851-Fix-for-CVE-2017-8787-Read-out-of-buffer-size.patch of Package podofo.34526

Places