[poppler] poppler/Decrypt.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Fri Sep 12 03:07:54 PDT 2008
poppler/Decrypt.cc | 6 ++++++
1 file changed, 6 insertions(+)
New commits:
commit 951cffeb2cbff4e179043033b5ac7f5eb764d6dc
Author: Albert Astals Cid <aacid at kde.org>
Date: Fri Sep 12 12:05:53 2008 +0200
Make sure DecryptAESState::bufIdx is never bigger than 16, otherwise we crash
I am not sure this is the correct fix, but fixes crash on files of bugs 13972, 16092 and 17523 and they seem to work ok
diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc
index d9f1492..50f97bd 100644
--- a/poppler/Decrypt.cc
+++ b/poppler/Decrypt.cc
@@ -30,6 +30,7 @@
#include <string.h>
#include "goo/gmem.h"
#include "Decrypt.h"
+#include "Error.h"
static void rc4InitKey(Guchar *key, int keyLen, Guchar *state);
static Guchar rc4DecryptByte(Guchar *state, Guchar *x, Guchar *y, Guchar c);
@@ -614,6 +615,11 @@ static void aesDecryptBlock(DecryptAESState *s, Guchar *in, GBool last) {
s->buf[i] = s->buf[i-n];
}
s->bufIdx = n;
+ if (n > 16)
+ {
+ error(-1, "Reducing bufIdx from %d to 16 to not crash", n);
+ s->bufIdx = 16;
+ }
}
}
More information about the poppler
mailing list