Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0
podofo
0009-Fix-CVE-2017-7379-encoding-array-too-short...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0009-Fix-CVE-2017-7379-encoding-array-too-short-to-encode-decode-code-point-0xffff.patch of Package podofo
Subject: Patch by Mark Rogers: Fix CVE-2017-7379: encoding array too short to encode/decode code point 0xffff Url: https://sourceforge.net/p/podofo/code/1842/ --- a/podofo/trunk/src/base/PdfEncoding.cpp +++ b/podofo/trunk/src/base/PdfEncoding.cpp @@ -45,6 +45,7 @@ #include <stack> #include <stdlib.h> #include <string.h> +#include <limits> #include <sstream> #include "PdfArray.h" #include "doc/PdfDifferenceEncoding.h" @@ -362,7 +363,9 @@ void PdfSimpleEncoding::InitEncodingTable() { Util::PdfMutexWrapper wrapper( *m_mutex ); - const long lTableLength = 0xffff; + // CVE-2017-7379 - previously lTableLength was 0xffff, but pdf_utf16be characters can be in range 0..0xffff so this + // caused out-by-one heap overflow when character 0xffff was encoded + const long lTableLength = std::numeric_limits<pdf_utf16be>::max() + 1; const pdf_utf16be* cpUnicodeTable = this->GetToUnicodeTable(); if( !m_pEncodingTable ) // double check
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor