[Podofo-users] Buffer overrun at PdfTokenizer::ReadString

Mon, 15 Jul 2013 23:06:50 -0700 

Please see these lines at PdfTokenizer::ReadString:
            pdf_long outLen = m_vecBuffer.size() -
pEncrypt->CalculateStreamOffset();
            char * outBuffer = new char[outLen];
            pEncrypt->Decrypt( reinterpret_cast<unsigned
char*>(&(m_vecBuffer[0])),
                              static_cast<unsigned int>(m_vecBuffer.size()),
                              reinterpret_cast<unsigned char*>(outBuffer),
outLen);

The size may calculate incorrectly (too small). Underlying AES encoding
expects output buffer at least 16 bytes long (or divisible by 16 - I'm not
sure, the code is not so clear).
In my particular case "outLen" became equal 7 and buffer overrun happens in
AES_cbc_encrypt (in openssl). I hope you will be able to fix it soon.

Thank you.

-- 
Vladislav Folts
MetaCommunications Engineering

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users

Reply via email to