2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 19:08:59 +00:00

Check integer overflow in resolveObjectsInStream

Fixes a crash found by fuzzing.
This commit is contained in:
Dean Scarff 2020-07-02 13:56:09 +10:00 committed by Jay Berkenbilt
parent 9a3791c53b
commit 153060a0c5

View File

@ -2151,8 +2151,8 @@ QPDF::resolveObjectsInStream(int obj_stream_number)
}
int num = QUtil::string_to_int(tnum.getValue().c_str());
int offset = QUtil::string_to_int(toffset.getValue().c_str());
offsets[num] = offset + first;
long long offset = QUtil::string_to_int(toffset.getValue().c_str());
offsets[num] = QIntC::to_int(offset + first);
}
// To avoid having to read the object stream multiple times, store