File r1907-Fix-CVE-2018-5309-integer-overflow-in-Pdf... of Package podofo

Overview Repositories Revisions Requests Users Attributes Meta

File r1907-Fix-CVE-2018-5309-integer-overflow-in-PdfObjectStreamParserObject-ReadObjectsFromStream.patch of Package podofo (Revision 09d355005246d5c951c5b0b6aed3236c)

Currently displaying revision 09d355005246d5c951c5b0b6aed3236c , Show latest

------------------------------------------------------------------------
r1907 | mc-zyx | 2018-03-11 11:17:58 +0100 (dom, 11 mar 2018) | 2 lines

Fix for CVE-2018-5309 - integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream

Index: src/base/PdfObjectStreamParserObject.cpp
===================================================================
--- src/base/PdfObjectStreamParserObject.cpp	(revision 1906)
+++ src/base/PdfObjectStreamParserObject.cpp	(revision 1907)
@@ -95,6 +95,12 @@
         const long long lOff     = tokenizer.GetNextNumber();
         const std::streamoff pos = device.Device()->Tell();
 
+        if( lFirst >= std::numeric_limits<pdf_int64>::max() - lOff )
+        {
+            PODOFO_RAISE_ERROR_INFO( ePdfError_BrokenFile,
+                                    "Object position out of max limit" );
+        }
+
         // move to the position of the object in the stream
         device.Device()->Seek( static_cast<std::streamoff>(lFirst + lOff) );

------------------------------------------------------------------------

Places

File r1907-Fix-CVE-2018-5309-integer-overflow-in-PdfObjectStreamParserObject-ReadObjectsFromStream.patch of Package podofo (Revision 09d355005246d5c951c5b0b6aed3236c)

Places