Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
podofo.34526
r1838-Extend-fix-for-CVE-2017-5852.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File r1838-Extend-fix-for-CVE-2017-5852.patch of Package podofo.34526
------------------------------------------------------------------------ r1838 | aja_ | 2017-04-09 13:13:05 +0200 (dom, 09 abr 2017) | 2 lines Patch by Mark Rogers: Extend fix for CVE-2017-5852 Index: src/doc/PdfPage.cpp =================================================================== --- src/doc/PdfPage.cpp.orig +++ src/doc/PdfPage.cpp #@@ -212,7 +212,7 @@ # return rect; # } # #-const PdfObject* PdfPage::GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const #+const PdfObject* PdfPage::GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth ) const # { # const PdfObject* pObj = NULL; # @@ -200,6 +200,11 @@ PdfRect PdfPage::CreateStandardPageSize( const PdfObject* PdfPage::GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const { + return GetInheritedKeyFromObject( inKey, inObject, 0 ); +} + +const PdfObject* PdfPage::GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth ) const +{ const PdfObject* pObj = NULL; // check for it in the object itself @@ -213,6 +218,18 @@ const PdfObject* PdfPage::GetInheritedKe // if we get here, we need to go check the parent - if there is one! if( inObject->GetDictionary().HasKey( "Parent" ) ) { + // CVE-2017-5852 - prevent stack overflow if Parent chain contains a loop, or is very long + // e.g. pObj->GetParent() == pObj or pObj->GetParent()->GetParent() == pObj + // default stack sizes + // Windows: 1 MB + // Linux: 2 MB + // macOS: 8 MB for main thread, 0.5 MB for secondary threads + // 0.5 MB is enough space for 1000 512 byte stack frames and 2000 256 byte stack frames + const int maxRecursionDepth = 1000; + + if ( depth > maxRecursionDepth ) + PODOFO_RAISE_ERROR( ePdfError_ValueOutOfRange ); + pObj = inObject->GetIndirectKey( "Parent" ); if( pObj == inObject ) { @@ -223,7 +240,7 @@ const PdfObject* PdfPage::GetInheritedKe } if( pObj ) - pObj = GetInheritedKeyFromObject( inKey, pObj ); + pObj = GetInheritedKeyFromObject( inKey, pObj, depth + 1 ); } return pObj; Index: src/doc/PdfPage.h =================================================================== --- src/doc/PdfPage.h.orig +++ src/doc/PdfPage.h #@@ -291,7 +291,7 @@ # /** Method for getting a key value that could be inherited (such as the boxes, resources, etc.) # * \returns PdfObject - the result of the key fetching or NULL # */ #- const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const; #+ const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth = 0 ) const; # # /** Get the annotations array. # * \param bCreate if true the annotations array is created @@ -275,7 +275,8 @@ class PODOFO_DOC_API PdfPage : public Pd /** Method for getting a key value that could be inherited (such as the boxes, resources, etc.) * \returns PdfObject - the result of the key fetching or NULL */ - const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const; + const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject ) const; + const PdfObject* GetInheritedKeyFromObject( const char* inKey, const PdfObject* inObject, int depth ) const; /** Get the annotations array. * \param bCreate if true the annotations array is created
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor