mirror of
https://github.com/qpdf/qpdf.git
synced 2024-06-05 03:40:53 +00:00
Security: fix potential multiplication overflow
Better sanity check inputs to bit stream reader
parent
c2e91d8ec3
commit
eb1b1264b4
|
@ -1,5 +1,8 @@
|
||||||
2013-10-05 Jay Berkenbilt <ejb@ql.org>
|
2013-10-05 Jay Berkenbilt <ejb@ql.org>
|
||||||
|
|
||||||
|
* Security fix: perform additional argument sanity checks when
|
||||||
|
reading bit streams.
|
||||||
|
|
||||||
* Security fix: in QUtil::toUTF8, change bounds checking to avoid
|
* Security fix: in QUtil::toUTF8, change bounds checking to avoid
|
||||||
having a pointer point temporarily outside the bounds of an
|
having a pointer point temporarily outside the bounds of an
|
||||||
array. Some compiler optimizations could have made the original
|
array. Some compiler optimizations could have made the original
|
||||||
|
|
|
@ -16,6 +16,10 @@ BitStream::reset()
|
||||||
{
|
{
|
||||||
p = start;
|
p = start;
|
||||||
bit_offset = 7;
|
bit_offset = 7;
|
||||||
|
if (static_cast<unsigned int>(nbytes) > static_cast<unsigned int>(-1) / 8)
|
||||||
|
{
|
||||||
|
throw std::runtime_error("array too large for bitstream");
|
||||||
|
}
|
||||||
bits_available = 8 * nbytes;
|
bits_available = 8 * nbytes;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
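Review bot: The new guard in BitStream::reset() is evaluated in `unsigned int`, but `8 * nbytes` on the line after it is still computed in the declared type of `nbytes`, which this hunk does not show. If `nbytes` and `bits_available` are signed `int` (the casts suggest they are not `unsigned int`), values between `INT_MAX / 8` and `UINT_MAX / 8` pass the check and the multiplication still overflows, which is undefined behaviour for signed types. Bounding by the destination type would close that gap, e.g. `if (nbytes < 0 || nbytes > std::numeric_limits<int>::max() / 8)`, adjusted to the real member type. The hunk header shows the old and new sides both starting at line 16, so nothing was added above it in this file; it is worth confirming that `<stdexcept>` is already included for `std::runtime_error`.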