Browse code
bb12008: correction to object length check when parsing strings in pdf dictionaries.
Micah Snyder authored on 2018/03/09 02:22:57Showing 1 changed files
| ... | ... |
@@ -1,5 +1,5 @@ |
| 1 | 1 |
/* |
| 2 |
- * Copyright (C) 2014, 2017 Cisco and/or its affiliates. All rights reserved. |
|
| 2 |
+ * Copyright (C) 2014, 2017-2018 Cisco and/or its affiliates. All rights reserved. |
|
| 3 | 3 |
* |
| 4 | 4 |
* Author: Shawn Webb |
| 5 | 5 |
* |
| ... | ... |
@@ -590,7 +590,7 @@ char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char * |
| 590 | 590 |
|
| 591 | 591 |
/* Make a best effort to find the end of the string and determine if UTF-* */ |
| 592 | 592 |
p2 = ++p1; |
| 593 |
- checklen = cli_strnlen(p1, objsize - 1) + 1; |
|
| 593 |
+ checklen = cli_strnlen(p1, objsize - (size_t)(p1 - oobj)) + 1; |
|
| 594 | 594 |
|
| 595 | 595 |
while (p2 < objstart + checklen) {
|
| 596 | 596 |
int shouldbreak=0; |