OrgGo/unipdf
1
0
Fork 0
mirror of https://github.com/unidoc/unipdf.git synced 2025-05-02 22:17:06 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add bounds check in crypt, parser. Avoid division by zero.

Browse Source
This commit is contained in:
Gunnsteinn Hall 2017-07-23 20:20:05 +00:00
parent 3639b5c279
commit 7f83a4ea2f
4 changed files with 45 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pdf/core/crypt.go
View File

@ -1230,8 +1230,12 @@ func (this *PdfCrypt) Alg6(upass []byte) (bool, error) {
if this.R >= 3 { if this.R >= 3 {
// comparing on the first 16 bytes in the case of security // comparing on the first 16 bytes in the case of security
// handlers of revision 3 or greater), // handlers of revision 3 or greater),
uGen = uGen[0:16] if len(uGen) > 16 {
uDoc = uDoc[0:16] uGen = uGen[0:16]
}
if len(uDoc) > 16 {
uDoc = uDoc[0:16]
}
} }
if uGen == uDoc { if uGen == uDoc {
this.EncryptionKey = key this.EncryptionKey = key

4
pdf/core/encoding.go
View File

@ -253,6 +253,10 @@ func (this *FlateEncoder) DecodeStream(streamObj *PdfObjectStream) ([]byte, erro
common.Log.Trace("Colors: %d", this.Colors) common.Log.Trace("Colors: %d", this.Colors)
rowLength := int(this.Columns) * this.Colors rowLength := int(this.Columns) * this.Colors
if rowLength < 1 {
// No data. Return empty set.
return []byte{}, nil
}
rows := len(outData) / rowLength rows := len(outData) / rowLength
if len(outData)%rowLength != 0 { if len(outData)%rowLength != 0 {
common.Log.Debug("ERROR: TIFF encoding: Invalid row length...") common.Log.Debug("ERROR: TIFF encoding: Invalid row length...")

18
pdf/core/parser.go
View File

@ -940,9 +940,27 @@ func (this *PdfParser) parseXrefStream(xstm *PdfObjectInteger) (*PdfObjectDictio
common.Log.Trace("Decoded stream length: %d", len(ds)) common.Log.Trace("Decoded stream length: %d", len(ds))
objIndex := 0 objIndex := 0
for i := 0; i < len(ds); i += deltab { for i := 0; i < len(ds); i += deltab {
err := checkBounds(len(ds), i, i+s0)
if err != nil {
common.Log.Debug("Invalid slice range: %v", err)
return nil, err
}
p1 := ds[i : i+s0] p1 := ds[i : i+s0]
err = checkBounds(len(ds), i+s0, i+s1)
if err != nil {
common.Log.Debug("Invalid slice range: %v", err)
return nil, err
}
p2 := ds[i+s0 : i+s1] p2 := ds[i+s0 : i+s1]
err = checkBounds(len(ds), i+s1, i+s2)
if err != nil {
common.Log.Debug("Invalid slice range: %v", err)
return nil, err
}
p3 := ds[i+s1 : i+s2] p3 := ds[i+s1 : i+s2]
ftype := convertBytes(p1) ftype := convertBytes(p1)
n2 := convertBytes(p2) n2 := convertBytes(p2)
n3 := convertBytes(p3) n3 := convertBytes(p3)

17
pdf/core/utils.go
View File

@ -6,12 +6,29 @@
package core package core
import ( import (
"errors"
"fmt" "fmt"
"sort" "sort"
"github.com/unidoc/unidoc/common" "github.com/unidoc/unidoc/common"
) )
// Check slice range to make sure within bounds for accessing:
// slice[a:b] where sliceLen=len(slice).
func checkBounds(sliceLen, a, b int) error {
if a < 0 || a > sliceLen {
return errors.New("Slice index a out of bounds")
}
if b < a {
return errors.New("Invalid slice index b < a")
}
if b > sliceLen {
return errors.New("Slice index b out of bounds")
}
return nil
}
// Inspect analyzes the document object structure. // Inspect analyzes the document object structure.
func (this *PdfParser) Inspect() (map[string]int, error) { func (this *PdfParser) Inspect() (map[string]int, error) {
return this.inspect() return this.inspect()