Security: fix potential multiplication overflow

Better sanity check inputs to bit stream reader
2024-12-22 02:49:00 +00:00 · 2013-10-05 05:51:54 -04:00 · 2013-10-05 05:51:54 -04:00 · eb1b1264b4
commit eb1b1264b4
parent c2e91d8ec3
2 changed files with 7 additions and 0 deletions
--- a/3
+++ b/3
@ -1,5 +1,8 @@
 2013-10-05  Jay Berkenbilt  <ejb@ql.org>

+	* Security fix: perform additional argument sanity checks when
+	reading bit streams.
+
 	* Security fix: in QUtil::toUTF8, change bounds checking to avoid
 	having a pointer point temporarily outside the bounds of an
 	array.  Some compiler optimizations could have made the original
--- a/libqpdf/BitStream.cc
+++ b/libqpdf/BitStream.cc
@ -16,6 +16,10 @@ BitStream::reset()
 {
    p = start;
    bit_offset = 7;
+    if (static_cast<unsigned int>(nbytes) > static_cast<unsigned int>(-1) / 8)
+    {
+	throw std::runtime_error("array too large for bitstream");
+    }
    bits_available = 8 * nbytes;
 }