Security: handle empty name in normalizeName

2024-12-22 02:49:00 +00:00 · 2013-10-05 05:52:42 -04:00 · 2013-10-05 05:52:42 -04:00 · b097d7a81b
commit b097d7a81b
parent eb1b1264b4
2 changed files with 9 additions and 0 deletions
--- a/5
+++ b/5
@ -1,5 +1,10 @@
 2013-10-05  Jay Berkenbilt  <ejb@ql.org>

+	* Security fix: properly handle empty strings in
+	QPDF_Name::normalizeName.  The empty string is not a valid name
+	and would never be parsed as a name, so there were no known
+	conditions where this method could be called with an empty string.
+
 	* Security fix: perform additional argument sanity checks when
 	reading bit streams.

--- a/libqpdf/QPDF_Name.cc
+++ b/libqpdf/QPDF_Name.cc
@ -16,6 +16,10 @@ QPDF_Name::~QPDF_Name()
 std::string
 QPDF_Name::normalizeName(std::string const& name)
 {
+    if (name.empty())
+    {
+	return name;
+    }
    std::string result;
    result += name[0];
    for (unsigned int i = 1; i < name.length(); ++i)