Hi zyx, hi all,
I've addressed the below concerns, and run-tested as I could, pity
my GCC 5.2.1 didn't find a difference with/out patch with the option
-fsanitize=undefined, except for my diagnostic message ;-(. I used
the same test program as earlier. Please review the patch attached.
> zyx <z...@litepdf.cz> has written on 28 February 2017 at 08:38:
>
> On Tue, 2017-02-28 at 00:14 +0100, Matthew Brincke wrote:
>
> > I haven't completed testing yet
>
> Hi,
> thanks for the patch. Just from a quick read of the proposed change:
>
> > * const pdf_int64 maxNum
> > * = static_cast(std::numeric_limits::max());
>
> As far as I know, 'long' type is architectural dependant, 32 bits on
> 32bit arch and 64 bits on 64bit arch, thus it produces different
> values. Avoiding a 'long' usage might be a general benefit.
>
> > * "(%ld)!\n",
> > * nFirstObject + nNumObjects, m_nNumObjects ); // 2nd arg is long!
>
> The %ld is incorrect for the same reason. There are defines for proper
> formats, or cast the second argument to pdf_int64 instead and use the
> format specifier as before.
>
> > * ") in this XRef table than supported by this version of PoDoFo, "
>
> This sounds odd to me, are you sure it's about what PoDoFo supports,
> not about what the standard supports? I mean, the standard suggests to
> stay in those limits even if the writer runs on a system which can
> cover more objects, to be compatible with 32-bit systems (because you
> never know on which system the reader runs).
> Bye,
> zyx
--- PdfParser.cpp (revision 1837)
+++ PdfParser.cpp (working copy)
@@ -745,21 +745,28 @@ void PdfParser::ReadXRefContents( pdf_lo
void PdfParser::ReadXRefSubsection( pdf_int64 & nFirstObject, pdf_int64 & nNumObjects )
{
- int count = 0;
+ pdf_int64 count = 0;
#ifdef PODOFO_VERBOSE_DEBUG
PdfError::DebugMessage("Reading XRef Section: %" PDF_FORMAT_INT64 " with %" PDF_FORMAT_INT64 " Objects.\n", nFirstObject, nNumObjects );
#endif // PODOFO_VERBOSE_DEBUG
- if ( nFirstObject + nNumObjects > m_nNumObjects )
+ const pdf_int64 maxNum
+ = static_cast<pdf_int64>(PdfParser::s_nMaxObjects);
+
+ if( (maxNum >= nNumObjects) && (nFirstObject < maxNum - nNumObjects) )
{
- // Total number of xref entries to read is greater than the /Size
- // specified in the trailer if any. That's an error unless we're trying
- // to recover from a missing /Size entry.
- PdfError::LogMessage( eLogSeverity_Warning,
- "There are more objects (%" PDF_FORMAT_INT64 ") in this XRef table than "
- "specified in the size key of the trailer directory (%" PDF_FORMAT_INT64 ")!\n",
- nFirstObject + nNumObjects, m_nNumObjects );
+ if( nFirstObject + nNumObjects > m_nNumObjects )
+ {
+ // Total number of xref entries to read is greater than the /Size
+ // specified in the trailer if any. That's an error unless we're
+ // trying to recover from a missing /Size entry.
+ PdfError::LogMessage( eLogSeverity_Warning,
+ "\nThere are more objects (%" PDF_FORMAT_INT64 ") in this XRef "
+ "table than specified in the size key of the trailer directory "
+ "(%" PDF_FORMAT_INT64 ")!\n", nFirstObject + nNumObjects,
+ static_cast<pdf_int64>( m_nNumObjects ));
+ }
#ifdef _WIN32
m_nNumObjects = static_cast<long>(nFirstObject + nNumObjects);
@@ -768,7 +775,16 @@ void PdfParser::ReadXRefSubsection( pdf_
m_nNumObjects = nFirstObject + nNumObjects;
m_offsets.resize(nFirstObject+nNumObjects);
#endif // _WIN32
- }
+
+ }
+ else
+ {
+ PdfError::LogMessage( eLogSeverity_Error, "There are more objects (%"
+ PDF_FORMAT_INT64 " + %" PDF_FORMAT_INT64 " seemingly) in this XRef"
+ " table\nthan supported by standard PDF, or it's inconsistent.\n",
+ nFirstObject, nNumObjects);
+ PODOFO_RAISE_ERROR( ePdfError_InvalidXRef );
+ }
// consume all whitespaces
int charcode;
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
