[poppler] Branch 'xpdf304merge' - goo/GooString.cc

Carlos Garcia Campos carlosgc at kemper.freedesktop.org
Fri Jun 6 10:04:14 PDT 2014


 goo/GooString.cc |   18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

New commits:
commit 6f78125cda11d97d8db3e3d0e9cba7029f0bc9d8
Author: Carlos Garcia Campos <carlosgc at gnome.org>
Date:   Fri Jun 6 19:02:11 2014 +0200

    xpdf304: Added some integer overflow checks in the GooString class

diff --git a/goo/GooString.cc b/goo/GooString.cc
index 8591d95..58d980a 100644
--- a/goo/GooString.cc
+++ b/goo/GooString.cc
@@ -42,6 +42,7 @@
 #include <ctype.h>
 #include <assert.h>
 #include <math.h>
+#include <limits.h>
 #include "gmem.h"
 #include "GooString.h"
 
@@ -243,6 +244,10 @@ GooString::GooString(const GooString *str) {
 GooString::GooString(GooString *str1, GooString *str2) {
   s = NULL;
   length = 0;
+  if (str1->length > INT_MAX - str2->length) {
+    fprintf(stderr, "Integer overflow in GooString::GooString()\n");
+    exit(1);
+  }
   Set(str1->getCString(), str1->length, str2->getCString(), str2->length);
 }
 
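Review bot: The new overflow path calls `exit(1)` from inside library code, so a document that drives the combined length past INT_MAX terminates whatever process embeds the library instead of failing the one operation; the same pattern is repeated in the append() and insert() hunks. That is safer than letting `Set()` run with a wrapped length, but it should be a stated decision. A comment above the check would record it, for example `// Fatal on purpose: a wrapped length would under-allocate in Set(), and callers have no error path here.` The comparison also relies on `str2->length` never being negative, which nothing in this hunk establishes. Finally, the three identical check-and-exit sequences could live in one file-local helper so the message and policy stay in one place.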
@@ -295,6 +300,12 @@ GooString *GooString::append(const char *str, int lengthA) {
   int prevLen = length;
   if (CALC_STRING_LEN == lengthA)
     lengthA = strlen(str);
+
+  if (lengthA < 0 || length > INT_MAX - lengthA) {
+    fprintf(stderr, "Integer overflow in GooString::append()\n");
+    exit(1);
+  }
+
   resize(length + lengthA);
   memcpy(s + prevLen, str, lengthA);
   return this;
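Review bot: The context line `lengthA = strlen(str);` narrows a size_t to int before the new check runs, so an over-long string is caught only if the converted value happens to be negative. On a platform with 64-bit size_t, a length of 2^32 or more would typically wrap to a small non-negative int and pass the guard, silently truncating the append. Comparing before narrowing removes that dependence: `size_t n = strlen(str); if (n > INT_MAX) { /* same error path */ } lengthA = (int)n;`. The insert() hunk has the same assignment. The start of append() and its closing brace are outside this hunk.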
@@ -782,6 +793,11 @@ GooString *GooString::insert(int i, const char *str, int lengthA) {
   if (CALC_STRING_LEN == lengthA)
     lengthA = strlen(str);
 
+  if (lengthA < 0 || length > INT_MAX - lengthA) {
+    fprintf(stderr, "Integer overflow in GooString::insert()\n");
+    exit(1);
+  }
+
   resize(length + lengthA);
   memmove(s+i+lengthA, s+i, prevLen-i);
   memcpy(s+i, str, lengthA);
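Review bot: The added guard bounds `lengthA`, but `i` still reaches `memmove(s+i+lengthA, s+i, prevLen-i)` unchecked. A negative `i`, or one larger than `prevLen`, moves both pointers outside the buffer and converts `prevLen-i` into a very large size_t count. Assuming `prevLen` holds the pre-resize `length` (its assignment is above the hunk), extending the check to `if (i < 0 || i > length || lengthA < 0 || length > INT_MAX - lengthA)` would reject the bad index before `resize()` runs. Whether every caller already guarantees the range cannot be seen from here, and the rest of insert() lies outside the hunk.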
@@ -791,7 +807,7 @@ GooString *GooString::insert(int i, const char *str, int lengthA) {
 GooString *GooString::del(int i, int n) {
   int j;
 
-  if (i >= 0 && n > 0 && i + n > 0) {
+  if (i >= 0 && n > 0 && i <= INT_MAX - n) {
     if (i + n > length) {
       n = length - i;
     }
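Review bot: The rewritten condition removes the signed overflow in `i + n`, but it still accepts `i > length`. In that case the clamp on the following lines sets `n = length - i` to a negative value. What the rest of del() does with a negative `n` is outside this hunk, but presumably it is used for element moves and a resize, so the out-of-range index should be rejected up front: `if (i >= 0 && n > 0 && i <= length && i <= INT_MAX - n) {`. With that, `i == length` still clamps to `n == 0` as before and larger indices become a no-op.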

