Overview

File r1909-Fix-for-CVE-2018-8001-heap-based-buffer-over-read-in-UnescapeName.patch of Package podofo.34526

------------------------------------------------------------------------
r1909 | mc-zyx | 2018-03-11 14:17:09 +0100 (dom, 11 mar 2018) | 2 lines

Fix for CVE-2018-8001 - heap-based buffer over-read in UnescapeName()


Index: src/base/PdfName.cpp
===================================================================
--- src/base/PdfName.cpp.orig
+++ src/base/PdfName.cpp
@@ -121,7 +121,7 @@ static std::string UnescapeName(T it, si
     unsigned int incount = 0, outcount = 0;
     while (incount++ < length)
     {
-        if (*it == '#')
+        if (*it == '#' && incount + 1 < length)
         {
             unsigned char hi = static_cast<unsigned char>(*(++it)); ++incount;
             unsigned char low = static_cast<unsigned char>(*(++it)); ++incount;
openSUSE Build Service is sponsored by
Places