Browse code
pdfdecode: memory fixes for ascii85, reorganize initial crypt
Kevin Lin authored on 2016/04/02 04:18:32Showing 1 changed files
| ... | ... |
@@ -113,25 +113,10 @@ off_t pdf_decodestream(struct pdf_struct *pdf, struct pdf_obj *obj, struct pdf_d |
| 113 | 113 |
memcpy(token->content, stream, streamlen); |
| 114 | 114 |
token->length = streamlen; |
| 115 | 115 |
|
| 116 |
- /* |
|
| 117 |
- * if pdf is decryptable, scan for CRYPT filter |
|
| 118 |
- * if none, force a DECRYPT filter application |
|
| 119 |
- */ |
|
| 120 |
- if ((pdf->flags & (1 << DECRYPTABLE_PDF)) && !(obj->flags & (1 << OBJ_FILTER_CRYPT))) {
|
|
| 121 |
- cli_dbgmsg("cli_pdf: decoding => non-filter CRYPT\n");
|
|
| 122 |
- if ((rv = filter_decrypt(pdf, obj, params, token, 1)) != CL_SUCCESS) {
|
|
| 123 |
- if (rc) |
|
| 124 |
- *rc = rv; |
|
| 125 |
- return -1; |
|
| 126 |
- } |
|
| 127 |
- } |
|
| 128 |
- |
|
| 129 | 116 |
cli_dbgmsg("cli_pdf: detected %lu applied filters\n", (long unsigned)(obj->numfilters));
|
| 130 | 117 |
|
| 131 |
- if (obj->numfilters) {
|
|
| 132 |
- rv = pdf_decodestream_internal(pdf, obj, params, token); |
|
| 133 |
- /* return is ignored so that the existing content is dumped to file */ |
|
| 134 |
- } |
|
| 118 |
+ rv = pdf_decodestream_internal(pdf, obj, params, token); |
|
| 119 |
+ /* return is ignored so that the existing content is dumped to file */ |
|
| 135 | 120 |
|
| 136 | 121 |
if (!cli_checklimits("pdf", pdf->ctx, token->length, 0, 0)) {
|
| 137 | 122 |
if (cli_writen(fout, token->content, token->length) != token->length) {
|
| ... | ... |
@@ -155,6 +140,17 @@ static int pdf_decodestream_internal(struct pdf_struct *pdf, struct pdf_obj *obj |
| 155 | 155 |
const char *filter = NULL; |
| 156 | 156 |
int i, rc = CL_SUCCESS; |
| 157 | 157 |
|
| 158 |
+ /* |
|
| 159 |
+ * if pdf is decryptable, scan for CRYPT filter |
|
| 160 |
+ * if none, force a DECRYPT filter application |
|
| 161 |
+ */ |
|
| 162 |
+ if ((pdf->flags & (1 << DECRYPTABLE_PDF)) && !(obj->flags & (1 << OBJ_FILTER_CRYPT))) {
|
|
| 163 |
+ cli_dbgmsg("cli_pdf: decoding => non-filter CRYPT\n");
|
|
| 164 |
+ if ((rc = filter_decrypt(pdf, obj, params, token, 1)) != CL_SUCCESS) {
|
|
| 165 |
+ return rc; |
|
| 166 |
+ } |
|
| 167 |
+ } |
|
| 168 |
+ |
|
| 158 | 169 |
for (i = 0; i < obj->numfilters; i++) {
|
| 159 | 170 |
switch(obj->filterlist[i]) {
|
| 160 | 171 |
case OBJ_FILTER_A85: |
| ... | ... |
@@ -263,7 +259,7 @@ static int pdf_decode_dump(struct pdf_struct *pdf, struct pdf_obj *obj, struct p |
| 263 | 263 |
*/ |
| 264 | 264 |
static int filter_ascii85decode(struct pdf_struct *pdf, struct pdf_obj *obj, struct pdf_token *token) |
| 265 | 265 |
{
|
| 266 |
- uint8_t *decoded; |
|
| 266 |
+ uint8_t *decoded, *dptr; |
|
| 267 | 267 |
uint32_t declen = 0; |
| 268 | 268 |
|
| 269 | 269 |
const uint8_t *ptr = (uint8_t *)token->content; |
| ... | ... |
@@ -271,8 +267,8 @@ static int filter_ascii85decode(struct pdf_struct *pdf, struct pdf_obj *obj, str |
| 271 | 271 |
int quintet = 0, rc = CL_SUCCESS; |
| 272 | 272 |
uint64_t sum = 0; |
| 273 | 273 |
|
| 274 |
- /* 5:4 decoding ratio - (5*length), ((length/5+1)*4), (((x+4)/5)*4) */ |
|
| 275 |
- if (!(decoded = (uint8_t *)cli_malloc(((remaining+4)/5)*4))) {
|
|
| 274 |
+ /* 5:4 decoding ratio, with 1:4 expansion sequences => (4*length)+1 */ |
|
| 275 |
+ if (!(dptr = decoded = (uint8_t *)cli_malloc((4*remaining)+1))) {
|
|
| 276 | 276 |
cli_errmsg("cli_pdf: cannot allocate memory for decoded output\n");
|
| 277 | 277 |
return CL_EMEM; |
| 278 | 278 |
} |
| ... | ... |
@@ -291,10 +287,10 @@ static int filter_ascii85decode(struct pdf_struct *pdf, struct pdf_obj *obj, str |
| 291 | 291 |
if(byte >= '!' && byte <= 'u') {
|
| 292 | 292 |
sum = (sum * 85) + ((uint32_t)byte - '!'); |
| 293 | 293 |
if(++quintet == 5) {
|
| 294 |
- *decoded++ = (unsigned char)(sum >> 24); |
|
| 295 |
- *decoded++ = (unsigned char)((sum >> 16) & 0xFF); |
|
| 296 |
- *decoded++ = (unsigned char)((sum >> 8) & 0xFF); |
|
| 297 |
- *decoded++ = (unsigned char)(sum & 0xFF); |
|
| 294 |
+ *dptr++ = (unsigned char)(sum >> 24); |
|
| 295 |
+ *dptr++ = (unsigned char)((sum >> 16) & 0xFF); |
|
| 296 |
+ *dptr++ = (unsigned char)((sum >> 8) & 0xFF); |
|
| 297 |
+ *dptr++ = (unsigned char)(sum & 0xFF); |
|
| 298 | 298 |
|
| 299 | 299 |
declen += 4; |
| 300 | 300 |
quintet = 0; |
| ... | ... |
@@ -307,10 +303,10 @@ static int filter_ascii85decode(struct pdf_struct *pdf, struct pdf_obj *obj, str |
| 307 | 307 |
break; |
| 308 | 308 |
} |
| 309 | 309 |
|
| 310 |
- *decoded++ = '\0'; |
|
| 311 |
- *decoded++ = '\0'; |
|
| 312 |
- *decoded++ = '\0'; |
|
| 313 |
- *decoded++ = '\0'; |
|
| 310 |
+ *dptr++ = '\0'; |
|
| 311 |
+ *dptr++ = '\0'; |
|
| 312 |
+ *dptr++ = '\0'; |
|
| 313 |
+ *dptr++ = '\0'; |
|
| 314 | 314 |
|
| 315 | 315 |
declen += 4; |
| 316 | 316 |
} else if(byte == EOF) {
|
| ... | ... |
@@ -331,7 +327,7 @@ static int filter_ascii85decode(struct pdf_struct *pdf, struct pdf_obj *obj, str |
| 331 | 331 |
sum += (0xFFFFFF >> ((quintet - 2) * 8)); |
| 332 | 332 |
|
| 333 | 333 |
for(i = 0; i < quintet - 1; i++) |
| 334 |
- *decoded++ = (uint8_t)((sum >> (24 - 8 * i)) & 0xFF); |
|
| 334 |
+ *dptr++ = (uint8_t)((sum >> (24 - 8 * i)) & 0xFF); |
|
| 335 | 335 |
declen += quintet-1; |
| 336 | 336 |
} |
| 337 | 337 |
|