yzrh/melon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix buffer overflow when object size is less than 8 bytes.

Browse source 
Signed-off-by: yzrh <yzrh@noema.org>
This commit is contained in:
yzrh 2022-12-29 03:58:22 +00:00
parent 988a751c15
commit cd0af5ba3c
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/pdf_parser.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2020-2021, yzrh <yzrh@noema.org> * Copyright (c) 2020-2022, yzrh <yzrh@noema.org>
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@ -126,6 +126,7 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
pdf_object_t *ptr = (*pdf)->next; pdf_object_t *ptr = (*pdf)->next;
char str[8];
char *buf; char *buf;
char *head; char *head;
char *tail; char *tail;
@ -140,11 +141,11 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
memset(buf, 0, ptr->size); memset(buf, 0, ptr->size);
fseek(*fp, ptr->address - 12, SEEK_SET); fseek(*fp, ptr->address - 12, SEEK_SET);
fread(buf, 8, 1, *fp); fread(str, 8, 1, *fp);
for (int i = 0; i < 8; i++) { for (int i = 0; i < 8; i++) {
if (buf[i] >= '0' && buf[i] <= '9') { if (str[i] >= '0' && str[i] <= '9') {
ptr->id = atoi(buf + i); ptr->id = atoi(str + i);
break; break;
} }
} }