File r1952-Fix-CVE-2018-11255-Null-pointer-dereference-in-PdfPage-GetPageNumber.patch of Package podofo.23799
------------------------------------------------------------------------
r1952 | mabri | 2018-11-17 00:48:14 +0100 (sáb 17 de nov de 2018) | 4 líneas
Fix CVE-2018-11255: Null pointer dereference in PdfPage::GetPageNumber()
Please cf. issue #20.
Index: src/doc/PdfPage.cpp
===================================================================
--- src/doc/PdfPage.cpp (revisión: 1951)
+++ src/doc/PdfPage.cpp (revisión: 1952)
@@ -595,6 +595,13 @@
while( it != kids.end() && (*it).GetReference() != ref )
{
PdfObject* pNode = this->GetObject()->GetOwner()->GetObject( (*it).GetReference() );
+ if (!pNode)
+ {
+ std::ostringstream oss;
+ oss << "Object " << (*it).GetReference().ToString() << " not found from Kids array "
+ << pKids->Reference().ToString();
+ PODOFO_RAISE_ERROR_INFO( ePdfError_NoObject, oss.str() );
+ }
if( pNode->GetDictionary().GetKey( PdfName::KeyType ) != NULL
&& pNode->GetDictionary().GetKey( PdfName::KeyType )->GetName() == PdfName( "Pages" ) )
------------------------------------------------------------------------
