[Podofo-svn] SF.net SVN: podofo:[1847] podofo/trunk/src/doc/PdfPainter.cpp
From: <aj...@us...> - 2017-05-08 14:15:44
Revision: 1847
http://sourceforge.net/p/podofo/code/1847
Author: aja_
Date: 2017-05-08 14:15:41 +0000 (Mon, 08 May 2017)
Log Message:
-----------
Fix CVE-2017-7378: Out of bounds read in PdfPainter::ExpandTabs()
Modified Paths:
--------------
podofo/trunk/src/doc/PdfPainter.cpp
Modified: podofo/trunk/src/doc/PdfPainter.cpp
===================================================================
--- podofo/trunk/src/doc/PdfPainter.cpp 2017-05-08 13:54:34 UTC (rev 1846)
+++ podofo/trunk/src/doc/PdfPainter.cpp 2017-05-08 14:15:41 UTC (rev 1847)
@@ -1938,16 +1938,27 @@
const pdf_utf16be cTab = 0x0900;
const pdf_utf16be cSpace = 0x2000;
+ if( lStringLen == -1 )
+ lStringLen = rsString.GetCharacterLength();
+
+ if (lStringLen > rsString.GetCharacterLength())
+ {
+ PdfError::DebugMessage( "Requested to expand tabs in string of %" PDF_FORMAT_INT64 " chars, while it has only %" PDF_FORMAT_INT64 "; correcting the value\n",
+ static_cast<pdf_int64>( lStringLen ), static_cast<pdf_int64>( rsString.GetCharacterLength() ) );
+
+ lStringLen = rsString.GetCharacterLength();
+ }
+
// count the number of tabs in the string
if( bUnicode )
{
- for( i=0;i<=lStringLen;i++ )
+ for( i=0;i<lStringLen;i++ )
if( rsString.GetUnicode()[i] == cTab )
++nTabCnt;
}
else
{
- for( i=0;i<=lStringLen;i++ )
+ for( i=0;i<lStringLen;i++ )
if( rsString.GetString()[i] == '\t' )
++nTabCnt;
}
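Review bot: The new length guard at the top of the hunk normalises only the `-1` sentinel and over-long values, so any other negative `lStringLen` passes both checks unchanged and reaches whatever code follows the counting loops. Treating every negative value as "use the whole string" closes that gap: `if( lStringLen < 0 ) lStringLen = rsString.GetCharacterLength();`. The clamp also relies on `GetCharacterLength()` counting in the same units as the buffer each loop indexes (`GetUnicode()` or `GetString()`), which holds only if `bUnicode` reflects the string's own encoding. `bUnicode` is set outside this hunk, so that is worth confirming, or noting in a comment next to the clamp. The body of ExpandTabs() starts before and continues after the hunk, so later uses of `lStringLen` are not visible here.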