Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
podofo.34526
r1949-Fix-CVE-2018-5783-by-introducing-singleto...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File r1949-Fix-CVE-2018-5783-by-introducing-singleton-limit-for-indirect-objects-keeping-binary-compat.patch of Package podofo.34526
------------------------------------------------------------------------ r1949 | mabri | 2018-11-13 23:53:01 +0100 (mar 13 de nov de 2018) | 8 líneas Fix CVE-2018-5783 by introducing singleton limit for indirect objects The limit is the standard one of 8,388,607 but can be changed by a newly introduced inline method (also a getter is provided). This also introduced a new define PODOFO_SIZE_FORMAT for formatting size_t values portably in printf()-like methods of PdfError etc. Please also cf. issue #4 in the issue tracker. Modified by Antonio Larrosa <alarrosa@suse.com> so the patch doesn't break binary compatibility Index: src/base/PdfCompilerCompat.h =================================================================== --- src/base/PdfCompilerCompat.h (revisión: 1948) +++ src/base/PdfCompilerCompat.h (revisión: 1949) @@ -184,9 +184,11 @@ #if defined(_MSC_VER) # define PDF_FORMAT_INT64 "I64d" # define PDF_FORMAT_UINT64 "I64u" +# define PDF_SIZE_FORMAT "Iu" # #elif defined(SZ_INT64) && defined(SZ_LONG) && SZ_INT64 == SZ_LONG # # define PDF_FORMAT_INT64 "ld" # # define PDF_FORMAT_UINT64 "lu" #+# define PDF_SIZE_FORMAT "zu" #else # define PDF_FORMAT_INT64 "lld" # define PDF_FORMAT_UINT64 "llu" +# define PDF_SIZE_FORMAT "zu" #endif Index: src/base/PdfVecObjects.h =================================================================== --- src/base/PdfVecObjects.h (revisión: 1948) +++ src/base/PdfVecObjects.h (revisión: 1949) @@ -496,7 +496,16 @@ // ----------------------------------------------------- inline void PdfVecObjects::Reserve( size_t size ) { - m_vector.reserve( size ); + if( size <= static_cast<size_t>(8388607) ) // Fix CVE-2018-5783 + { + m_vector.reserve( size ); + } + else + { + PdfError::DebugMessage( "Call to PdfVecObjects::Reserve with %" + PDF_SIZE_FORMAT" is over allowed limit of %" + PDF_SIZE_FORMAT".\n", size, static_cast<size_t>(8388607)); + } } // ----------------------------------------------------- ------------------------------------------------------------------------
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor