Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
podofo.35912
r1907-Fix-CVE-2018-5309-integer-overflow-in-Pdf...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File r1907-Fix-CVE-2018-5309-integer-overflow-in-PdfObjectStreamParserObject-ReadObjectsFromStream.patch of Package podofo.35912
------------------------------------------------------------------------ r1907 | mc-zyx | 2018-03-11 11:17:58 +0100 (dom, 11 mar 2018) | 2 lines Fix for CVE-2018-5309 - integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream Index: src/base/PdfObjectStreamParserObject.cpp =================================================================== --- src/base/PdfObjectStreamParserObject.cpp (revision 1906) +++ src/base/PdfObjectStreamParserObject.cpp (revision 1907) @@ -95,6 +95,12 @@ const long long lOff = tokenizer.GetNextNumber(); const std::streamoff pos = device.Device()->Tell(); + if( lFirst >= std::numeric_limits<pdf_int64>::max() - lOff ) + { + PODOFO_RAISE_ERROR_INFO( ePdfError_BrokenFile, + "Object position out of max limit" ); + } + // move to the position of the object in the stream device.Device()->Seek( static_cast<std::streamoff>(lFirst + lOff) ); ------------------------------------------------------------------------
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor