Browse code
11942 - fixing heap overflow in handle_pdfname. Patch submitted by Suleman Ali.
Mickey Sola authored on 2017/10/31 06:33:19Showing 1 changed files
| ... | ... |
@@ -1237,7 +1237,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch |
| 1237 | 1237 |
} |
| 1238 | 1238 |
|
| 1239 | 1239 |
/* record filter order */ |
| 1240 |
- if ((*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS)) |
|
| 1240 |
+ if (obj->numfilters < PDF_FILTERLIST_MAX && (*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS)) |
|
| 1241 | 1241 |
obj->filterlist[obj->numfilters++] = act->set_objflag; |
| 1242 | 1242 |
|
| 1243 | 1243 |
if ((act->nameflags & NAMEFLAG_HEURISTIC) && escapes) {
|
| ... | ... |
@@ -1255,7 +1255,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch |
| 1255 | 1255 |
if (act->from_state == *state || act->from_state == STATE_ANY) {
|
| 1256 | 1256 |
*state = act->to_state; |
| 1257 | 1257 |
|
| 1258 |
- if (*state == STATE_FILTER && act->set_objflag !=OBJ_DICT && (obj->flags & (1 << act->set_objflag))) {
|
|
| 1258 |
+ if (*state == STATE_FILTER && act->set_objflag != OBJ_DICT && (obj->flags & (1 << act->set_objflag))) {
|
|
| 1259 | 1259 |
cli_dbgmsg("cli_pdf: duplicate stream filter %s\n", pdfname);
|
| 1260 | 1260 |
pdfobj_flag(pdf, obj, BAD_STREAM_FILTERS); |
| 1261 | 1261 |
} |