[libextractor] Xpdf vulnerability
From: |
Pavol Rusnak |
Subject: |
[libextractor] Xpdf vulnerability |
Date: |
Wed, 23 Apr 2008 15:24:12 +0200 |
User-agent: |
Thunderbird 2.0.0.6 (X11/20070801) |
Hello!
A vulnerability was found in the xpdf code: CVE-2008-1693. I'm
attaching the patch for libextractor.
--
Best Regards / S pozdravom,
Pavol RUSNAK SUSE LINUX, s.r.o
Package Maintainer Lihovarska 1060/12
PGP 0xA6917144 19000 Praha 9, CR
prusnak[at]suse.cz http://www.suse.cz
--- src/plugins/pdf/Object.h
+++ src/plugins/pdf/Object.h
@@ -68,17 +68,18 @@
//------------------------------------------------------------------------
#ifdef DEBUG_MEM
-#define initObj(t) ++numAlloc[type = t]
+#define initObj(t) zeroUnion(); ++numAlloc[type = t]
#else
-#define initObj(t) type = t
+#define initObj(t) zeroUnion(); type = t
#endif
class Object {
public:
-
+ // attempt to clear the anonymous union
+ void zeroUnion() { this->name = NULL; }
// Default constructor.
Object():
- type(objNone) {}
+ type(objNone) { zeroUnion(); }
// Initialize an object.
Object *initBool(GBool boolnA)
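Review bot: The rewritten `initObj(t)` macro expands to two statements, so a use such as `if (c) initObj(objNull);` would run `zeroUnion()` conditionally and the type assignment unconditionally. A single expression keeps it safe wherever it is expanded: `#define initObj(t) (zeroUnion(), type = (t))`, and `(zeroUnion(), ++numAlloc[type = (t)])` under DEBUG_MEM. Separately, `zeroUnion()` writes only the `name` member and its own comment calls it an attempt. The union declaration is outside this hunk, so that comment should say that the intent is to null every pointer member sharing the storage and that any member wider than a pointer is only partly cleared. The class body continues past the end of the hunk.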
@@ -220,16 +221,16 @@
#include "Array.h"
inline int Object::arrayGetLength()
- { return array->getLength(); }
+ { if (type != objArray) return 0; return array->getLength(); }
inline void Object::arrayAdd(Object *elem)
- { array->add(elem); }
+ { if (type == objArray) array->add(elem); }
inline Object *Object::arrayGet(int i, Object *obj)
- { return array->get(i, obj); }
+ { if (type != objArray) return obj->initNull(); return array->get(i, obj); }
inline Object *Object::arrayGetNF(int i, Object *obj)
- { return array->getNF(i, obj); }
+ { if (type != objArray) return obj->initNull(); return array->getNF(i, obj);
}
//------------------------------------------------------------------------
// Dict accessors.
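Review bot: `arrayAdd` now silently discards `elem` when the receiver is not an array, and `arrayGetLength` returns 0, which a caller cannot tell apart from an empty array. A malformed PDF object therefore becomes quiet data loss rather than a reported parse error. If `Array::add` normally takes over the element's contents (Array.h is not shown here), the dropped element may also never be freed. At minimum a comment above these accessors should state the contract, for example `// On a type mismatch these return 0 / a null object / do nothing; check isArray() first if the difference matters.` The same silent no-op pattern appears in `dictAdd` in the Dict hunk and in `streamReset`, `streamClose` and `streamSetPos` in the Stream hunk.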
@@ -238,31 +239,31 @@
#include "Dict.h"
inline int Object::dictGetLength()
- { return dict->getLength(); }
+ { if (type != objDict) return 0; return dict->getLength(); }
inline void Object::dictAdd(char *key, Object *val)
- { dict->add(key, val); }
+ { if (type == objDict) dict->add(key, val); }
inline GBool Object::dictIs(char *dictType)
- { return dict->is(dictType); }
+ { return (type == objDict) && dict->is(dictType); }
inline GBool Object::isDict(char *dictType)
- { return type == objDict && dictIs(dictType); }
+ { return (type == objDict) && dictIs(dictType); }
inline Object *Object::dictLookup(char *key, Object *obj)
- { return dict->lookup(key, obj); }
+ { if (type != objDict) return obj->initNull(); return dict->lookup(key,
obj); }
inline Object *Object::dictLookupNF(char *key, Object *obj)
- { return dict->lookupNF(key, obj); }
+ { if (type != objDict) return obj->initNull(); return dict->lookupNF(key,
obj); }
inline char *Object::dictGetKey(int i)
- { return dict->getKey(i); }
+ { if (type != objDict) return NULL; return dict->getKey(i); }
inline Object *Object::dictGetVal(int i, Object *obj)
- { return dict->getVal(i, obj); }
+ { if (type != objDict) return obj->initNull(); return dict->getVal(i, obj); }
inline Object *Object::dictGetValNF(int i, Object *obj)
- { return dict->getValNF(i, obj); }
+ { if (type != objDict) return obj->initNull(); return dict->getValNF(i,
obj); }
//------------------------------------------------------------------------
// Stream accessors.
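Review bot: `dictGetKey` gains a NULL return it did not have before, so any caller that passes the result straight to a string function will now fault on a non-dict object instead of reading through a mistyped pointer. That is the safer failure, but those callers are outside this patch and need an audit. A comment on the accessor such as `// Returns NULL if this object is not a dictionary.` would make the new contract visible. `streamGetDict` and `streamGetLine` in the Stream hunk gain the same NULL return. The parentheses added to `isDict` change nothing, and it now tests `type` twice because `dictIs` repeats the check.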
@@ -271,33 +272,33 @@
#include "Stream.h"
inline GBool Object::streamIs(char *dictType)
- { return stream->getDict()->is(dictType); }
+ { return (type == objStream) && stream->getDict()->is(dictType); }
inline GBool Object::isStream(char *dictType)
- { return type == objStream && streamIs(dictType); }
+ { return (type == objStream) && streamIs(dictType); }
inline void Object::streamReset()
- { stream->reset(); }
+ { if (type == objStream) stream->reset(); }
inline void Object::streamClose()
- { stream->close(); }
+ { if (type == objStream) stream->close(); }
inline int Object::streamGetChar()
- { return stream->getChar(); }
+ { if (type != objStream) return EOF; return stream->getChar(); }
inline int Object::streamLookChar()
- { return stream->lookChar(); }
+ { if (type != objStream) return EOF; return stream->lookChar(); }
inline char *Object::streamGetLine(char *buf, int size)
- { return stream->getLine(buf, size); }
+ { if (type != objStream) return NULL; return stream->getLine(buf, size); }
inline Guint Object::streamGetPos()
- { return stream->getPos(); }
+ { if (type != objStream) return 0; return stream->getPos(); }
inline void Object::streamSetPos(Guint pos, int dir)
- { stream->setPos(pos, dir); }
+ { if (type == objStream) stream->setPos(pos, dir); }
inline Dict *Object::streamGetDict()
- { return stream->getDict(); }
+ { if (type != objStream) return NULL; return stream->getDict(); }
#endif
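Review bot: The guard added to `streamIs` checks only the receiver's type; the chained call `stream->getDict()->is(dictType)` still dereferences whatever `getDict()` returns. Stream.h is not part of this patch, so whether that pointer can be NULL for some stream cannot be told from here. If it can, `Dict *d = stream->getDict(); return d && d->is(dictType);` after the type check closes the gap. `streamGetPos` returning 0 for a non-stream is also indistinguishable from a real position at the start of a stream, which deserves a one-line comment.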