podofo/CVE-2017-8378.patch

Description: CVE-2017-8378
Acked-By: Mattia Rizzolo <mattia@debian.org>
Bug-Debian: https://bugs.debian.org/861597
Origin: https://sourceforge.net/p/podofo/code/1833

--- a/src/base/PdfParser.cpp
+++ b/src/base/PdfParser.cpp
@@ -981,6 +981,14 @@
         if( pEncrypt->IsReference() ) 
         {
             i = pEncrypt->GetReference().ObjectNumber();
+            if( i <= 0 || static_cast<size_t>( i ) >= m_offsets.size () )
+            {
+                std::ostringstream oss;
+                oss << "Encryption dictionary references a nonexistent object " << pEncrypt->GetReference().ObjectNumber() << " " 
+                    << pEncrypt->GetReference().GenerationNumber();
+                PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, oss.str().c_str() );
+            }
+
             pObject = new PdfParserObject( m_vecObjects, m_device, m_buffer, m_offsets[i].lOffset );
             if( !pObject )
                 PODOFO_RAISE_ERROR( ePdfError_OutOfMemory );
Backport a ton of security fixes 7 years ago			`Description: CVE-2017-8378`
			`Acked-By: Mattia Rizzolo <mattia@debian.org>`
			`Bug-Debian: https://bugs.debian.org/861597`
			`Origin: https://sourceforge.net/p/podofo/code/1833`

			`--- a/src/base/PdfParser.cpp`
			`+++ b/src/base/PdfParser.cpp`
			`@@ -981,6 +981,14 @@`
			`if( pEncrypt->IsReference() )`
			`{`
			`i = pEncrypt->GetReference().ObjectNumber();`
			`+ if( i <= 0 \|\| static_cast<size_t>( i ) >= m_offsets.size () )`
			`+ {`
			`+ std::ostringstream oss;`
			`+ oss << "Encryption dictionary references a nonexistent object " << pEncrypt->GetReference().ObjectNumber() << " "`
			`+ << pEncrypt->GetReference().GenerationNumber();`
			`+ PODOFO_RAISE_ERROR_INFO( ePdfError_InvalidEncryptionDict, oss.str().c_str() );`
			`+ }`
			`+`
			`pObject = new PdfParserObject( m_vecObjects, m_device, m_buffer, m_offsets[i].lOffset );`
			`if( !pObject )`
			`PODOFO_RAISE_ERROR( ePdfError_OutOfMemory );`