Fix a few stack/buffer overflow bugs discovered by Bart, Steffan, and Mark from the Radboud University NL (thanks!)

- Add depth argument to all value read functions that recurse
- Add depth argument to page tree loading code
- Validate xref stream sizes individually to avoid out-of-bounds access to local
  xref buffer.
Michael R Sweet
2021-11-29 17:46:56 -05:00
parent ec8e900ea5
commit a431d7806f
8 changed files with 50 additions and 20 deletions

@ -473,7 +473,8 @@ _pdfioDictGetValue(pdfio_dict_t *dict, // I - Dictionary
pdfio_dict_t * // O - New dictionary
_pdfioDictRead(pdfio_file_t *pdf, // I - PDF file
pdfio_obj_t *obj, // I - Object, if any
_pdfio_token_t *tb) // I - Token buffer/stack
_pdfio_token_t *tb, // I - Token buffer/stack
size_t depth) // I - Depth of dictionary
{
pdfio_dict_t *dict; // New dictionary
char key[256]; // Dictionary key
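Review bot: The new `depth` parameter of `_pdfioDictRead` is documented only as "Depth of dictionary", which does not say whether the top-level dictionary is depth 0, whether the value counts this dictionary or its parent, or what the maximum is. No comparison of `depth` against a limit appears in these lines, so please state in the parameter comment where the bound is enforced and which constant defines it, so a later caller does not pass an arbitrary value and bypass the recursion guard.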
@ -501,7 +502,7 @@ _pdfioDictRead(pdfio_file_t *pdf, // I - PDF file
}
// Then get the next value...
if (!_pdfioValueRead(pdf, obj, tb, &value))
if (!_pdfioValueRead(pdf, obj, tb, &value, depth))
{
_pdfioFileError(pdf, "Missing value for dictionary key.");
break;
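Review bot: In the call `_pdfioValueRead(pdf, obj, tb, &value, depth)`, `depth` is forwarded unchanged rather than as `depth + 1`, and neither an increment nor a limit check is visible in this hunk. That is fine only if `_pdfioValueRead` both increments the counter when it descends into a nested dictionary or array and rejects values past the maximum; otherwise a chain of nested dictionaries still recurses without bound. Please confirm that this is the case, and consider a short comment at this call site saying which function owns the increment, plus a regression test with a deeply nested dictionary.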