Re: [Podofo-users] Fix CVE-2017-7378: out-by-one buffer read scanning string

Fri, 28 Apr 2017 09:44:25 -0700 

On Wed, 2017-04-19 at 13:18 +0000, Mark Rogers wrote:
> This fixes an out by one buffer read caused by string loop control
> using

        Hi,
thanks for the patch, unfortunately it didn't fix the issue, I still
see claim from valgrind:

==13503== Command: ./tools/podofotxt2pdf/podofotxt2pdf CVE-2017-7378.pdf out.pdf
==13503== 
==13503== Invalid read of size 2
==13503==    at 0x5036930: PoDoFo::PdfPainter::ExpandTabs(PoDoFo::PdfString 
const&, long) const (PdfPainter.cpp:1947)
==13503==    by 0x502F8EB: PoDoFo::PdfPainter::DrawText(double, double, 
PoDoFo::PdfString const&, long) (PdfPainter.cpp:755)
==13503==    by 0x4020B8: draw(char*, PoDoFo::PdfDocument*, bool, char const*) 
(podofotxt2pdf.cpp:94)
==13503==    by 0x402506: init(char const*, char const*, bool, char const*) 
(podofotxt2pdf.cpp:165)
==13503==    by 0x402790: main (podofotxt2pdf.cpp:212)
==13503==  Address 0x8212978 is 0 bytes after a block of size 72 alloc'd
==13503==    at 0x4C2E1FC: operator new(unsigned long) (vg_replace_malloc.c:334)
==13503==    by 0x4F9826C: PoDoFo::PdfRefCountedBuffer::ReallyResize(unsigned 
long) (PdfRefCountedBuffer.cpp:161)
==13503==    by 0x4F5E300: PoDoFo::PdfRefCountedBuffer::Resize(unsigned long) 
(PdfRefCountedBuffer.h:307)
==13503==    by 0x4F6506F: 
PoDoFo::PdfRefCountedBuffer::PdfRefCountedBuffer(unsigned long) 
(PdfRefCountedBuffer.h:227)
==13503==    by 0x4F9C0CB: PoDoFo::PdfString::Init(char const*, long) 
(PdfString.cpp:570)
==13503==    by 0x4F9A561: PoDoFo::PdfString::PdfString(char const*, 
PoDoFo::PdfEncoding const*) (PdfString.cpp:109)
==13503==    by 0x402083: draw(char*, PoDoFo::PdfDocument*, bool, char const*) 
(podofotxt2pdf.cpp:94)
==13503==    by 0x402506: init(char const*, char const*, bool, char const*) 
(podofotxt2pdf.cpp:165)
==13503==    by 0x402790: main (podofotxt2pdf.cpp:212)

Please let me know whether you are going to extend the patch, otherwise
I can possibly look on it myself.

        Thanks and bye,
        zyx

-- 
http://www.litePDF.cz                                 i...@litepdf.cz

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users

Reply via email to