Hello Mark, hello all,
> On 20 April 2018 at 00:09 Mark Rogers <[email protected]> wrote:
>
>
> Hi
>
>
> This code from PdfString::Write has a buffer overflow – it checks
> buffer.GetSize() > 0 then sets nInputBufferLen=GetSize()-2 which is passed
> to new[nInputBufferLen] and memcpy
I'd like to contribute a fix for this (UTC tomorrow, I need to sleep soon):
> if( pEncrypt && m_buffer.GetSize() && IsValid() )
As IsValid() contains only a NULL check on the buffer in m_buffer,
the size check needs to be > 2 if ...
> {
> pdf_long nInputBufferLen = m_buffer.GetSize() - 2; // Cut off the trailing
> pair of zeros
there is to be a trailing-zero pair at all ...
Otherwise only when there is such a pair expected: should be the Unicode case.
I mean IMHO only then should there be one, I'm going to make it so too.
In the non-Unicode case I'll check if zero-termination is needed altogether,
if it isn't the check wouldn't need to be changed, but the handling would.
> pdf_long nUnicodeMarkerOffet = sizeof( PdfString::s_pszUnicodeMarker );
Of course I'd correct the typo also.
>
> Best Regards
>
> Mark
>
Best regards, mabri
P.S. Please still hold off with the rc2 for a bit (@Dominik), I'd like to
commit Francesco Pretto's iterator API addition (13/13) and a PdfPage one
of my own, still before the rc2 (and shouldn't the known vulnerabilities
be fixed in it also?).
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/podofo-users
