On Fri, 2017-04-07 at 19:39 +0000, Mark Rogers wrote:
> I’ve been doing some patching over the past couple of days and have
> patches for most of the CVEs.
Hi,
okay, I'll wait for your changes then.
> I think the patch in r1835 fixes the case where pObj == pObj-
> >GetParent() but I don’t think it fixes cases where pObj == pObj-
> >GetParent()->GetParent() or pObj->GetParent() == pObj->GetParent()-
> >GetParent(). There’s also the problem of an attacker deliberately
> creating a PDF with very deeply nested objects to cause a stack
> overflow.
Yes, that's true. One of the reasons why I asked for discussion of
those changes.
I committed your change as revision 1838:
http://sourceforge.net/p/podofo/code/1838
Bye,
zyx
--
http://www.litePDF.cz i...@litepdf.cz
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
