Hi, although I'm no full member of the PoDoFo project (AFAIK), my patches for it were in the great majority accepted, so I'd like to review your (Clemens') patch for PdfString::GetLength() and PdfString::GetUnicodeLength().
I've noticed some issues with it: - AFAIK pdf_long is deprecated in PoDoFo (it's unclear what it's for, should no longer be used therefore) - variable name prefix m_ is for class members (IMO: only), cf. CodingStyle - when m_buffer.GetSize() == 1, with your patch GetLength() returns 0: IMO then it should at least be checked if the buffer contains only a '\0'. - also for GetUnicodeLength() I'd check the contents before returning 0 Best regards, mabri -------------------------------------------- Clemens Kolbitsch <kolbit...@lastline.com> wrote on Fr, 22.01.2016: Subject: [Podofo-users] PdfString with negative length To: podofo-users@lists.sourceforge.net Date: Friday, 22 January 2016, 18:31 Uhr Hi, I'm seeing issues parsing a PDF returning a string with length = -2 (returned by PdfString::GetLength()). The attached patch fixes the invalid length return value, but I'm not sure if it just masquerades a different problem. Given that I'm not yet familiar with this part of the code, it would be great if someone could check what's going on under the hood. Unfortunately the document triggering the bug is confidential, so I cannot share it for testing, but I have checked that the attached patch allows me to correctly parse this PDF. As always, any feedback greatly appreciated :) Thanks,Clemens -- Clemens Kolbitsch Security Researcher kolbit...@lastline.com 805-456-7075 Lastline, Inc. 6950 Hollister Avenue, Suite 101 Goleta, CA 93117 www.lastline.com _______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 _______________________________________________ Podofo-users mailing list Podofo-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/podofo-users
