[poppler] 2 commits - poppler/Decrypt.cc poppler/GfxFont.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Thu Sep 24 23:53:00 UTC 2020 

 poppler/Decrypt.cc |    9 ++++-----
 poppler/GfxFont.cc |    4 +++-
 2 files changed, 7 insertions(+), 6 deletions(-)

New commits:
commit cfeb9525f0f9e4124de4b3d67de2f4667095366f
Author: Albert Astals Cid <aacid at kde.org>
Date:   Fri Sep 25 01:21:53 2020 +0200

    Fix undefined behaviour null pointer passed as argument 2, which is declared to never be null
    
    Fixes issue #962

diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc
index 5f9c46d3..62b11702 100644
--- a/poppler/Decrypt.cc
+++ b/poppler/Decrypt.cc
@@ -1761,10 +1761,7 @@ static void revision6Hash(const GooString *inputPassword, unsigned char *K, cons
 
     int inputPasswordLength = inputPassword->getLength();
     int KLength = 32;
-    int userKeyLength = 0;
-    if (userKey) {
-        userKeyLength = 48;
-    }
+    const int userKeyLength = userKey ? 48 : 0;
     int sequenceLength;
     int totalLength;
     int rounds = 0;
@@ -1775,7 +1772,9 @@ static void revision6Hash(const GooString *inputPassword, unsigned char *K, cons
         // a.make the string K1
         memcpy(K1, inputPassword->c_str(), inputPasswordLength);
         memcpy(K1 + inputPasswordLength, K, KLength);
-        memcpy(K1 + inputPasswordLength + KLength, userKey, userKeyLength);
+        if (userKey) {
+            memcpy(K1 + inputPasswordLength + KLength, userKey, userKeyLength);
+        }
         for (int i = 1; i < 64; ++i) {
             memcpy(K1 + (i * sequenceLength), K1, sequenceLength);
         }
commit 2a3368e9c3c8b9a0031faef15041a8ca81f6710a
Author: Albert Astals Cid <aacid at kde.org>
Date:   Fri Sep 25 01:17:24 2020 +0200

    Fix undefined behaviour applying non-zero offset 1 to null pointer
    
    Fixes issue #963

diff --git a/poppler/GfxFont.cc b/poppler/GfxFont.cc
index 22220abe..e6b3cfda 100644
--- a/poppler/GfxFont.cc
+++ b/poppler/GfxFont.cc
@@ -1455,7 +1455,9 @@ static int parseCharName(char *charName, Unicode *uBuf, int uLen, bool names, bo
                           "parseCharName",
                           lig_part, charName);
             }
-            lig_part = lig_end + 1;
+            if (lig_end) {
+                lig_part = lig_end + 1;
+            }
         } while (lig_end && n < uLen);
         gfree(lig_copy);
         return n;

More information about the poppler mailing list