Browse code
bb11803 - Fix pdf out of bound reference.
Steven Morgan authored on 2017/03/17 04:06:09Showing 1 changed files
| ... | ... |
@@ -377,7 +377,7 @@ char *pdf_finalize_string(struct pdf_struct *pdf, struct pdf_obj *obj, const cha |
| 377 | 377 |
|
| 378 | 378 |
char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char *objstart, size_t objsize, const char *str, char **endchar, struct pdf_stats_metadata *meta) |
| 379 | 379 |
{
|
| 380 |
- const char *q = objstart; |
|
| 380 |
+ const char *q = objstart, *oobj=obj->start+pdf->map; |
|
| 381 | 381 |
char *p1, *p2; |
| 382 | 382 |
size_t len, checklen; |
| 383 | 383 |
char *res = NULL; |
| ... | ... |
@@ -551,10 +551,10 @@ char *pdf_parse_string(struct pdf_struct *pdf, struct pdf_obj *obj, const char * |
| 551 | 551 |
/* Hex string */ |
| 552 | 552 |
|
| 553 | 553 |
p2 = p1+1; |
| 554 |
- while ((size_t)(p2 - q) < objsize && *p2 != '>') |
|
| 554 |
+ while ((size_t)(p2 - oobj) < objsize && *p2 != '>') |
|
| 555 | 555 |
p2++; |
| 556 | 556 |
|
| 557 |
- if ((size_t)(p2 - q) == objsize) {
|
|
| 557 |
+ if ((size_t)(p2 - oobj) == objsize) {
|
|
| 558 | 558 |
return NULL; |
| 559 | 559 |
} |
| 560 | 560 |
|