Browse code
pdf: decryption does not NULL terminate
Kevin Lin authored on 2015/03/21 04:42:56Showing 1 changed files
| ... | ... |
@@ -328,7 +328,12 @@ static char *pdf_finalize_string(struct pdf_struct *pdf, struct pdf_obj *obj, co |
| 328 | 328 |
outlen = (size_t)tmpsz; |
| 329 | 329 |
free(wrkstr); |
| 330 | 330 |
if (output) {
|
| 331 |
- wrkstr = output; |
|
| 331 |
+ wrkstr = cli_calloc(outlen+1, sizeof(char)); |
|
| 332 |
+ if (!wrkstr) {
|
|
| 333 |
+ free(output); |
|
| 334 |
+ return NULL; |
|
| 335 |
+ } |
|
| 336 |
+ memcpy(wrkstr, output, outlen); |
|
| 332 | 337 |
wrklen = outlen; |
| 333 | 338 |
} else {
|
| 334 | 339 |
return NULL; |