podofo/CVE-2017-5886-and-CVE-2018-8000.patch

Description: CVE-2017-5886
Acked-By: Markus Koschany <apo@debian.org>
Acked-By: Mattia Rizzolo <mattia@debian.org>
Last-Update: 2017-05-03
Bug-Debian: https://bugs.debian.org/854604
Origin: https://sourceforge.net/p/podofo/code/1837

--- a/src/base/PdfTokenizer.cpp
+++ b/src/base/PdfTokenizer.cpp
@@ -239,7 +239,7 @@
         *peType = ePdfTokenType_Token;
 
     while( (c = m_device.Device()->Look()) != EOF
-           && counter < static_cast<pdf_int64>(m_buffer.GetSize()) )
+           && counter + 1 < static_cast<pdf_int64>(m_buffer.GetSize()) )
     {
         // ignore leading whitespaces
         if( !counter && IsWhitespace( c ) )