mirror of
https://github.com/qpdf/qpdf.git
synced 2024-06-05 11:50:53 +00:00
Security: keep cur_byte pointing into bytes array
This commit is contained in:
parent
b9fe85be28
commit
c2e91d8ec3
|
@ -1,3 +1,10 @@
|
||||||
|
2013-10-05 Jay Berkenbilt <ejb@ql.org>
|
||||||
|
|
||||||
|
* Security fix: in QUtil::toUTF8, change bounds checking to avoid
|
||||||
|
having a pointer point temporarily outside the bounds of an
|
||||||
|
array. Some compiler optimizations could have made the original
|
||||||
|
code unsafe.
|
||||||
|
|
||||||
2013-07-10 Jay Berkenbilt <ejb@ql.org>
|
2013-07-10 Jay Berkenbilt <ejb@ql.org>
|
||||||
|
|
||||||
* 5.0.0: release
|
* 5.0.0: release
|
||||||
|
|
|
@ -360,11 +360,11 @@ QUtil::toUTF8(unsigned long uval)
|
||||||
// Maximum that will fit in high byte now shrinks by one bit
|
// Maximum that will fit in high byte now shrinks by one bit
|
||||||
maxval >>= 1;
|
maxval >>= 1;
|
||||||
// Slide to the left one byte
|
// Slide to the left one byte
|
||||||
--cur_byte;
|
if (cur_byte <= bytes)
|
||||||
if (cur_byte < bytes)
|
|
||||||
{
|
{
|
||||||
throw std::logic_error("QUtil::toUTF8: overflow error");
|
throw std::logic_error("QUtil::toUTF8: overflow error");
|
||||||
}
|
}
|
||||||
|
--cur_byte;
|
||||||
}
|
}
|
||||||
// If maxval is k bits long, the high (7 - k) bits of the
|
// If maxval is k bits long, the high (7 - k) bits of the
|
||||||
// resulting byte must be high.
|
// resulting byte must be high.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user