podofo/CVE-2017-7994.patch


Description: CVE-2017-7994
Acked-By: Mattia Rizzolo <mattia@debian.org>
Origin: https://sourceforge.net/p/podofo/code/1849
Bug-Debian: https://bugs.debian.org/860930
Last-Update: 2017-11-12
--- a/tools/podofotxtextract/TextExtractor.cpp
+++ b/tools/podofotxtextract/TextExtractor.cpp
@@ -72,10 +72,21 @@
if( strcmp( pszToken, "l" ) == 0 ||
strcmp( pszToken, "m" ) == 0 )
{
- dCurPosX = stack.top().GetReal();
- stack.pop();
- dCurPosY = stack.top().GetReal();
- stack.pop();
+ if( stack.size() == 2 )
+ {
+ dCurPosX = stack.top().GetReal();
+ stack.pop();
+ dCurPosY = stack.top().GetReal();
+ stack.pop();
+ }
+ else
+ {
+ fprintf( stderr, "WARNING: Token '%s' expects two arguments, but %" PDF_FORMAT_INT64 " given; ignoring\n",
+ pszToken, static_cast<pdf_int64>( stack.size() ) );
+
+ while( !stack.empty() )
+ stack.pop();
+ }
}
else if( strcmp( pszToken, "BT" ) == 0 )
{
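Review bot: In the `l`/`m` branch the first value popped is still assigned to `dCurPosX`, but for `x y m` the top of the stack would be `y` if operands are pushed in the order they are read. The push happens outside this hunk, so this is inferred. The patch carries the old order over unchanged inside the new `stack.size() == 2` guard. If the inference holds, pop into `dCurPosY` first: `dCurPosY = stack.top().GetReal(); stack.pop(); dCurPosX = stack.top().GetReal(); stack.pop();`.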
@@ -93,6 +104,13 @@
{
if( strcmp( pszToken, "Tf" ) == 0 )
{
+ if( stack.size() < 2 )
+ {
+ fprintf( stderr, "WARNING: Expects two arguments for 'Tf', ignoring\n" );
+ pCurFont = NULL;
+ continue;
+ }
+
stack.pop();
PdfName fontName = stack.top().GetName();
PdfObject* pFont = pPage->GetFromResources( PdfName("Font"), fontName );
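Review bot: The new `Tf` guard leaves whatever is on the stack in place before `continue`, so a stray operand from a malformed `Tf` can be consumed by the next operator as if it were its own argument. The `l`/`m` and `"` branches drain the stack on the error path, but the `Tj`/`'` and `TJ` guards in the later hunks share the `Tf` behaviour. I would add `while( !stack.empty() ) stack.pop();` before `continue;` in all three so that a rejected operator cannot desynchronise the ones that follow. The enclosing loop starts outside this hunk, so whether the stack is reset elsewhere per token is not visible here.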
@@ -102,21 +120,37 @@
}
pCurFont = pDocument->GetFont( pFont );
- if( !pCurFont )
+ if( !pCurFont )
{
- fprintf( stderr, "WARNING: Unable to create font for object %i %i R\n",
- pFont->Reference().ObjectNumber(),
- pFont->Reference().GenerationNumber() );
+ fprintf( stderr, "WARNING: Unable to create font for object %" PDF_FORMAT_INT64 " %" PDF_FORMAT_INT64 " R\n",
+ static_cast<pdf_int64>( pFont->Reference().ObjectNumber() ),
+ static_cast<pdf_int64>( pFont->Reference().GenerationNumber() ) );
}
}
else if( strcmp( pszToken, "Tj" ) == 0 ||
strcmp( pszToken, "'" ) == 0 )
{
+ if( stack.size() < 1 )
+ {
+ fprintf( stderr, "WARNING: Expects one argument for '%s', ignoring\n", pszToken );
+ continue;
+ }
+
AddTextElement( dCurPosX, dCurPosY, pCurFont, stack.top().GetString() );
stack.pop();
}
else if( strcmp( pszToken, "\"" ) == 0 )
{
+ if( stack.size() < 3 )
+ {
+ fprintf( stderr, "WARNING: Expects three arguments for '%s', ignoring\n", pszToken );
+
+ while( !stack.empty() )
+ stack.pop();
+
+ continue;
+ }
+
AddTextElement( dCurPosX, dCurPosY, pCurFont, stack.top().GetString() );
stack.pop();
stack.pop(); // remove char spacing from stack
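Review bot: Both `AddTextElement` calls in the `Tj`/`'` and `"` branches pass `pCurFont`, which can now be NULL on two paths: the `Tf` guard added earlier in this patch sets it to NULL, and `GetFont` failing only prints a warning. `AddTextElement` is not part of this diff, so please confirm it rejects a null font before dereferencing it. If it does not, guard at the call sites. If it does, a short comment such as `// pCurFont may be NULL after a failed Tf; AddTextElement checks for it` would document the dependency.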
@@ -124,6 +158,12 @@
}
else if( strcmp( pszToken, "TJ" ) == 0 )
{
+ if( stack.size() < 3 )
+ {
+ fprintf( stderr, "WARNING: Expects one argument for '%s', ignoring\n", pszToken );
+ continue;
+ }
+
PdfArray array = stack.top().GetArray();
stack.pop();
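Review bot: The `TJ` guard tests `stack.size() < 3`, yet its own warning says one argument is expected and the visible code reads only `stack.top()` as the array. As written, a well-formed `TJ` with just its array operand on the stack is skipped with a warning, and its text is silently missing from the extracted output. The bound looks copied from the `"` branch and should be `if( stack.size() < 1 )`. The rest of the `TJ` branch lies outside this hunk, so check that nothing further down pops additional operands.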