File 0018-Fix-for-CVE-2017-8787-Read-out-of-buffer-size-in-PdfXRefStreamParserObject-ReadXRefStreamEntry.patch of Package podofo

Subject: Fix for CVE-2017-8787 - Read out of buffer size in PdfXRefStreamParserObject::ReadXRefStreamEntry(
Url: https://sourceforge.net/p/podofo/code/1851/

--- a/podofo/trunk/src/base/PdfXRefStreamParserObject.cpp
+++ b/podofo/trunk/src/base/PdfXRefStreamParserObject.cpp
@@ -123,6 +123,11 @@
     char*        pBuffer;
     pdf_long     lBufferLen;
     const size_t entryLen  = static_cast<size_t>(nW[0] + nW[1] + nW[2]);
+
+    if( nW[0] + nW[1] + nW[2] < 0 )
+    {
+        PODOFO_RAISE_ERROR_INFO( ePdfError_NoXRef, "Invalid entry length in XRef stream" );
+    }
 
     this->GetStream()->GetFilteredCopy( &pBuffer, &lBufferLen );
 
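Review bot: The added guard tests only the sum `nW[0] + nW[1] + nW[2]`, so a single negative width that is offset by larger positive ones still passes, and if the nW elements are a signed integer type (their declaration is outside the hunk) the sum itself can overflow before it is compared. Rejecting each element separately is stricter: `if( nW[0] < 0 || nW[1] < 0 || nW[2] < 0 )`, ideally placed before the `static_cast<size_t>` that initialises `entryLen`, which currently converts the unchecked value first. A zero total also passes the check; whether the later per-entry loop tolerates `entryLen == 0` cannot be seen from here. Since the CVE concerns a read past the buffer, it would also help to confirm that `entryLen` is compared with `lBufferLen` once `GetFilteredCopy` returns. That part of the function lies outside the hunk.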