Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
podofo.23799
r1889-Fix-for-CVE-2018-5295-Integer-overflow-at...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File r1889-Fix-for-CVE-2018-5295-Integer-overflow-at-PdfXRefStreamParserObject-ParseStream.patch of Package podofo.23799
------------------------------------------------------------------------ r1889 | mc-zyx | 2018-02-18 13:02:28 +0100 (dom, 18 feb 2018) | 2 lines Patch by Matthias Brinke: Fix for CVE-2018-5295 - Integer overflow at PdfXRefStreamParserObject::ParseStream() Index: src/base/PdfXRefStreamParserObject.cpp =================================================================== --- src/base/PdfXRefStreamParserObject.cpp (revision 1888) +++ src/base/PdfXRefStreamParserObject.cpp (revision 1889) @@ -38,7 +38,7 @@ #include "PdfStream.h" #include "PdfVariant.h" -#include <stdio.h> +#include <limits> namespace PoDoFo { @@ -122,13 +122,27 @@ { char* pBuffer; pdf_long lBufferLen; - const size_t entryLen = static_cast<size_t>(nW[0] + nW[1] + nW[2]); - if( nW[0] + nW[1] + nW[2] < 0 ) + for(pdf_int64 nLengthSum = 0, i = 0; i < W_ARRAY_SIZE; i++ ) { - PODOFO_RAISE_ERROR_INFO( ePdfError_NoXRef, "Invalid entry length in XRef stream" ); + if ( nW[i] < 0 ) + { + PODOFO_RAISE_ERROR_INFO( ePdfError_NoXRef, + "Negative field length in XRef stream" ); + } + if ( std::numeric_limits<pdf_int64>::max() - nLengthSum < nW[i] ) + { + PODOFO_RAISE_ERROR_INFO( ePdfError_NoXRef, + "Invalid entry length in XRef stream" ); + } + else + { + nLengthSum += nW[i]; + } } + const size_t entryLen = static_cast<size_t>(nW[0] + nW[1] + nW[2]); + this->GetStream()->GetFilteredCopy( &pBuffer, &lBufferLen ); ------------------------------------------------------------------------
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
