Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
podofo.23799
r1842-Fix-CVE-2017-7379-encoding-array-too-shor...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File r1842-Fix-CVE-2017-7379-encoding-array-too-short.patch of Package podofo.23799
------------------------------------------------------------------------ r1842 | aja_ | 2017-04-28 18:49:01 +0200 (vie, 28 abr 2017) | 2 lines Patch by Mark Rogers: Fix CVE-2017-7379: encoding array too short to encode/decode code point 0xffff Index: src/base/PdfEncoding.cpp =================================================================== --- src/base/PdfEncoding.cpp (revision 1841) +++ src/base/PdfEncoding.cpp (revision 1842) @@ -45,6 +45,7 @@ # #include <stack> # #include <stdlib.h> # #include <string.h> #include <stdlib.h> #include <string.h> +#include <limits> # #include <sstream> # #include "PdfArray.h" # #include "doc/PdfDifferenceEncoding.h" #include <sstream> namespace PoDoFo { @@ -362,7 +363,9 @@ void PdfSimpleEncoding::InitEncodingTable() { Util::PdfMutexWrapper wrapper( *m_mutex ); - const long lTableLength = 0xffff; + // CVE-2017-7379 - previously lTableLength was 0xffff, but pdf_utf16be characters can be in range 0..0xffff so this + // caused out-by-one heap overflow when character 0xffff was encoded + const long lTableLength = std::numeric_limits<pdf_utf16be>::max() + 1; const pdf_utf16be* cpUnicodeTable = this->GetToUnicodeTable(); if( !m_pEncodingTable ) // double check ------------------------------------------------------------------------
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor