From cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b Mon Sep 17 00:00:00 2001
From: yzrh
Date: Thu, 29 Dec 2022 03:58:22 +0000
Subject: [PATCH] Fix buffer overflow when object size is less than 8 bytes.

Signed-off-by: yzrh
---
 src/pdf_parser.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/pdf_parser.c b/src/pdf_parser.c
index 3b29c52..b4470f9 100644
--- a/src/pdf_parser.c
+++ b/src/pdf_parser.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020-2021, yzrh
+ * Copyright (c) 2020-2022, yzrh
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -126,6 +126,7 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 pdf_object_t *ptr = (*pdf)->next;
+ char str[8];
 char *buf;
 char *head;
 char *tail;
@@ -140,11 +141,11 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 memset(buf, 0, ptr->size);
 fseek(*fp, ptr->address - 12, SEEK_SET);
- fread(buf, 8, 1, *fp);
+ fread(str, 8, 1, *fp);
 for (int i = 0; i < 8; i++) {
- if (buf[i] >= '0' && buf[i] <= '9') {
- ptr->id = atoi(buf + i);
+ if (str[i] >= '0' && str[i] <= '9') {
+ ptr->id = atoi(str + i);
 break;
 }
 }
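Review bot: `char str[8];` in the second hunk is exactly as large as the 8 bytes the third hunk reads into it, so nothing guarantees a terminating NUL before `atoi(str + i)` runs; if the bytes read end in digits, `atoi` continues past the end of the array on the stack. The old code presumably got its terminator from `memset(buf, 0, ptr->size)` whenever the object was larger than 8 bytes, and the new scratch buffer loses that. Declaring it as `char str[9] = {0};` while still reading 8 bytes keeps the parse bounded and also removes the indeterminate contents. pdf_load's body starts and ends outside both hunks.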
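Review bot: The result of `fread(str, 8, 1, *fp)` in the third hunk is ignored, so after a short or failed read the digit scan parses whatever bytes `str` already held and stores the result in `ptr->id`. The `fseek(*fp, ptr->address - 12, SEEK_SET)` before it is likewise unchecked, and the offset goes negative if `ptr->address` is below 12, a value that presumably comes from the file being parsed. A guard such as `if (fseek(*fp, ptr->address - 12, SEEK_SET) != 0 || fread(str, 8, 1, *fp) != 1)` ahead of the loop, followed by the function's usual failure path, would stop a truncated or malformed file from yielding a bogus object id. How pdf_load reports errors is not visible in this hunk.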