fofi/FoFiBase.cc | 2 ++ fofi/FoFiTrueType.cc | 7 +++++-- goo/GooString.cc | 2 +- poppler/Decrypt.cc | 12 +++++++++++- poppler/Stream.h | 5 +++-- poppler/XRef.cc | 3 ++- 6 files changed, 24 insertions(+), 7 deletions(-)
New commits: commit 67df1e16d7ae87e8b05c3186063cb925a799790a Author: Albert Astals Cid <[email protected]> Date: Mon Sep 5 16:10:58 2016 +0200 Check we don't overflow in some calculations Overflow is undefined behaviour
diff --git a/fofi/FoFiBase.cc b/fofi/FoFiBase.cc
index 86bafd8..07f8164 100644
--- a/fofi/FoFiBase.cc
+++ b/fofi/FoFiBase.cc
@@ -196,6 +196,8 @@ Guint FoFiBase::getUVarBE(int pos, int size, GBool *ok) {
 GBool FoFiBase::checkRegion(int pos, int size) {
 return pos >= 0 &&
+ pos < INT_MAX - size &&
+ size < INT_MAX - pos &&
 pos + size >= pos &&
 pos + size <= len;
 }
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index 11699dd..e914a87 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1359,8 +1359,11 @@ void FoFiTrueType::parse() {
 tables[j].checksum = getU32BE(pos + 4, &parsedOk);
 tables[j].offset = (int)getU32BE(pos + 8, &parsedOk);
 tables[j].len = (int)getU32BE(pos + 12, &parsedOk);
- if (tables[j].offset + tables[j].len >= tables[j].offset &&
- tables[j].offset + tables[j].len <= len) {
+ if (unlikely((tables[j].offset < 0) ||
+ (tables[j].len < 0) ||
+ (tables[j].offset < INT_MAX - tables[j].len) ||
+ (tables[j].len > INT_MAX - tables[j].offset) ||
+ (tables[j].offset + tables[j].len >= tables[j].offset && tables[j].offset + tables[j].len <= len))) {
 // ignore any bogus entries in the table directory
 ++j;
 }
commit 7024b3c97df1815a4f1c9f677dc05dcf5ee72c3d Author: Albert Astals Cid <[email protected]> Date: Mon Sep 5 16:09:34 2016 +0200 No need to do a memcpy of an empty string Saves some warnings about memcpy of null strings on some broken documents
diff --git a/goo/GooString.cc b/goo/GooString.cc
index de9c93c..fb68e27 100644
--- a/goo/GooString.cc
+++ b/goo/GooString.cc
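Review bot: In `FoFiBase::checkRegion` the added `pos < INT_MAX - size` is evaluated before anything establishes `size >= 0`, so a negative `size` makes `INT_MAX - size` itself overflow, which is the undefined behaviour the commit sets out to avoid. The second added clause `size < INT_MAX - pos` states the same bound as the first, and the retained `pos + size >= pos` only detects a wrap after the sum has already overflowed. A form that never computes the sum would be `return pos >= 0 && size >= 0 && size <= len - pos;` (assuming `len` is never negative). `INT_MAX` needs `<limits.h>` and this hunk adds no include, so confirm the file already has it.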
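Review bot: In the FoFiTrueType.cc hunk the rewritten condition keeps table entries it should drop: every clause is joined with `||` and a true result still runs `++j`, so a negative `offset` or `len` now accepts the entry, and `tables[j].offset < INT_MAX - tables[j].len` is true for almost any non-negative pair, which leaves the `<= len` bound in the last clause with no say. The old code kept an entry only when the range fitted inside the file; the new checks need to be preconditions of that test rather than alternatives to it, e.g. `if (tables[j].offset >= 0 && tables[j].len >= 0 && tables[j].len <= len - tables[j].offset) {`, which also never forms the sum (assuming `len` is never negative). `unlikely()` is wrapped around the branch that keeps a valid entry, which looks like the common case. The enclosing `FoFiTrueType::parse()` starts and ends outside the hunk.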
@@ -163,7 +163,7 @@ void inline GooString::resize(int newLength) {
 // assert(s != s1) the roundedSize condition ensures this
 if (newLength < length) {
 memcpy(s1, s, newLength);
- } else {
+ } else if (length > 0) {
 memcpy(s1, s, length);
 }
 if (s != sStatic)
commit a902f5983e6802c9346569fcc599cf5f5042bd8d Author: Albert Astals Cid <[email protected]> Date: Mon Sep 5 16:08:17 2016 +0200 initialize XRef::encryptAlgorithm to something
diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc
index cfc9676..c8246fa 100644
--- a/poppler/Decrypt.cc
+++ b/poppler/Decrypt.cc
@@ -14,7 +14,7 @@
 // under GPL version 2 or later
 //
 // Copyright (C) 2008 Julien Rebetez <[email protected]>
-// Copyright (C) 2008, 2010 Albert Astals Cid <[email protected]>
+// Copyright (C) 2008, 2010, 2016 Albert Astals Cid <[email protected]>
 // Copyright (C) 2009 Matthias Franz <[email protected]>
 // Copyright (C) 2009 David Benjamin <[email protected]>
 // Copyright (C) 2012 Fabio D'Urso <[email protected]>
@@ -349,6 +349,8 @@ BaseCryptStream::BaseCryptStream(Stream *strA, Guchar *fileKey, CryptAlgorithm a
 case cryptAES256:
 objKeyLength = keyLength;
 break;
+ case cryptNone:
+ break;
 }
 charactersRead = 0;
@@ -433,6 +435,8 @@ void EncryptStream::reset() {
 state.aes256.bufIdx = 0;
 state.aes256.paddingReached = gFalse;
 break;
+ case cryptNone:
+ break;
 }
 }
@@ -473,6 +477,8 @@ int EncryptStream::lookChar() {
 c = state.aes256.buf[state.aes256.bufIdx++];
 }
 break;
+ case cryptNone:
+ break;
 }
 return (nextCharBuff = c);
 }
@@ -513,6 +519,8 @@ void DecryptStream::reset() {
 }
 state.aes256.bufIdx = 16;
 break;
+ case cryptNone:
+ break;
 }
 }
@@ -554,6 +562,8 @@ int DecryptStream::lookChar() {
 c = state.aes256.buf[state.aes256.bufIdx++];
 }
 break;
+ case cryptNone:
+ break;
 }
 return (nextCharBuff = c);
 }
diff --git a/poppler/Stream.h b/poppler/Stream.h
index 8304b6c..07b3933 100644
--- a/poppler/Stream.h
+++ b/poppler/Stream.h
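Review bot: The new `else if (length > 0)` guard in `GooString::resize` carries no comment saying why a zero-length copy is skipped, so it reads like a micro-optimisation that a later cleanup could remove. Going by the commit message, `s` can be null while the string is empty, and passing a null pointer to `memcpy` is undefined even when the size is 0. A line such as `// s may be NULL while length == 0; memcpy from NULL is undefined even for 0 bytes` above the branch would record that. The function starts and ends outside the hunk.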
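Review bot: The new `case cryptNone: break;` arms in Decrypt.cc turn a crypt stream built without an algorithm into a silent no-op instead of a reported error. In the `BaseCryptStream` constructor the neighbouring `cryptAES256` arm assigns `objKeyLength` while the `cryptNone` arm assigns nothing, and in `EncryptStream::lookChar` and `DecryptStream::lookChar` control falls through to `return (nextCharBuff = c);` without reading the underlying stream, so the result is whatever `c` held before the switch (its initialisation is outside these hunks). Consider `case cryptNone: objKeyLength = 0; break;` in the constructor and reporting the condition there, or at least a comment on each arm such as `// cryptNone: no algorithm configured, nothing to encrypt or decrypt`. The same applies to the two `reset()` hunks at -433 and -513; all five functions extend beyond their hunks.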
@@ -15,7 +15,7 @@
 //
 // Copyright (C) 2005 Jeff Muizelaar <[email protected]>
 // Copyright (C) 2008 Julien Rebetez <[email protected]>
-// Copyright (C) 2008, 2010, 2011 Albert Astals Cid <[email protected]>
+// Copyright (C) 2008, 2010, 2011, 2016 Albert Astals Cid <[email protected]>
 // Copyright (C) 2009 Carlos Garcia Campos <[email protected]>
 // Copyright (C) 2009 Stefan Thomas <[email protected]>
 // Copyright (C) 2010 Hib Eris <[email protected]>
@@ -81,7 +81,8 @@ enum StreamColorSpaceMode {
 enum CryptAlgorithm {
 cryptRC4,
 cryptAES,
- cryptAES256
+ cryptAES256,
+ cryptNone
 };
 //------------------------------------------------------------------------
diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index 75fa52d..d9e6db5 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -15,7 +15,7 @@
 //
 // Copyright (C) 2005 Dan Sheridan <[email protected]>
 // Copyright (C) 2005 Brad Hards <[email protected]>
-// Copyright (C) 2006, 2008, 2010, 2012-2014 Albert Astals Cid <[email protected]>
+// Copyright (C) 2006, 2008, 2010, 2012-2014, 2016 Albert Astals Cid <[email protected]>
 // Copyright (C) 2007-2008 Julien Rebetez <[email protected]>
 // Copyright (C) 2007 Carlos Garcia Campos <[email protected]>
 // Copyright (C) 2009, 2010 Ilya Gorenbein <[email protected]>
@@ -300,6 +300,7 @@ void XRef::init() {
 rootNum = -1;
 strOwner = gFalse;
 xrefReconstructed = gFalse;
+ encAlgorithm = cryptNone;
 }
 XRef::XRef() {
_______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
