libextractor
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libextractor] Xpdf vulnerability

From: Pavol Rusnak
Subject: [libextractor] Xpdf vulnerability
Date: Wed, 23 Apr 2008 15:24:12 +0200
User-agent: Thunderbird 2.0.0.6 (X11/20070801) 
Hello!

There was a vulnerability in xpdf code found - CVE-2008-1693. I'm
attaching the patch for libextractor.

-- 
Best Regards / S pozdravom,

Pavol RUSNAK                                       SUSE LINUX, s.r.o
Package Maintainer                                Lihovarska 1060/12
PGP 0xA6917144                                     19000 Praha 9, CR
prusnak[at]suse.cz                                http://www.suse.cz


--- src/plugins/pdf/Object.h
+++ src/plugins/pdf/Object.h
@@ -68,17 +68,18 @@
 //------------------------------------------------------------------------
 
 #ifdef DEBUG_MEM
-#define initObj(t) ++numAlloc[type = t]
+#define initObj(t) zeroUnion(); ++numAlloc[type = t]
 #else
-#define initObj(t) type = t
+#define initObj(t) zeroUnion(); type = t
 #endif
 
 class Object {
 public:
-
+  // attempt to clear the anonymous union
+  void zeroUnion() { this->name = NULL; }
   // Default constructor.
   Object():
-    type(objNone) {}
+    type(objNone) { zeroUnion(); }
 
   // Initialize an object.
   Object *initBool(GBool boolnA)
@@ -220,16 +221,16 @@
 #include "Array.h"
 
 inline int Object::arrayGetLength()
-  { return array->getLength(); }
+  { if (type != objArray) return 0; return array->getLength(); }
 
 inline void Object::arrayAdd(Object *elem)
-  { array->add(elem); }
+  { if (type == objArray) array->add(elem); }
 
 inline Object *Object::arrayGet(int i, Object *obj)
-  { return array->get(i, obj); }
+  { if (type != objArray) return obj->initNull(); return array->get(i, obj); }
 
 inline Object *Object::arrayGetNF(int i, Object *obj)
-  { return array->getNF(i, obj); }
+  { if (type != objArray) return obj->initNull(); return array->getNF(i, obj); 
}
 
 //------------------------------------------------------------------------
 // Dict accessors.
@@ -238,31 +239,31 @@
 #include "Dict.h"
 
 inline int Object::dictGetLength()
-  { return dict->getLength(); }
+  { if (type != objDict) return 0; return dict->getLength(); }
 
 inline void Object::dictAdd(char *key, Object *val)
-  { dict->add(key, val); }
+  { if (type == objDict) dict->add(key, val); }
 
 inline GBool Object::dictIs(char *dictType)
-  { return dict->is(dictType); }
+  { return (type == objDict) && dict->is(dictType); }
 
 inline GBool Object::isDict(char *dictType)
-  { return type == objDict && dictIs(dictType); }
+  { return (type == objDict) && dictIs(dictType); }
 
 inline Object *Object::dictLookup(char *key, Object *obj)
-  { return dict->lookup(key, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->lookup(key, 
obj); }
 
 inline Object *Object::dictLookupNF(char *key, Object *obj)
-  { return dict->lookupNF(key, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->lookupNF(key, 
obj); }
 
 inline char *Object::dictGetKey(int i)
-  { return dict->getKey(i); }
+  { if (type != objDict) return NULL; return dict->getKey(i); }
 
 inline Object *Object::dictGetVal(int i, Object *obj)
-  { return dict->getVal(i, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->getVal(i, obj); }
 
 inline Object *Object::dictGetValNF(int i, Object *obj)
-  { return dict->getValNF(i, obj); }
+  { if (type != objDict) return obj->initNull(); return dict->getValNF(i, 
obj); }
 
 //------------------------------------------------------------------------
 // Stream accessors.
@@ -271,33 +272,33 @@
 #include "Stream.h"
 
 inline GBool Object::streamIs(char *dictType)
-  { return stream->getDict()->is(dictType); }
+  { return (type == objStream) && stream->getDict()->is(dictType); }
 
 inline GBool Object::isStream(char *dictType)
-  { return type == objStream && streamIs(dictType); }
+  { return (type == objStream) && streamIs(dictType); }
 
 inline void Object::streamReset()
-  { stream->reset(); }
+  { if (type == objStream) stream->reset(); }
 
 inline void Object::streamClose()
-  { stream->close(); }
+  { if (type == objStream) stream->close(); }
 
 inline int Object::streamGetChar()
-  { return stream->getChar(); }
+  { if (type != objStream) return EOF; return stream->getChar(); }
 
 inline int Object::streamLookChar()
-  { return stream->lookChar(); }
+  { if (type != objStream) return EOF; return stream->lookChar(); }
 
 inline char *Object::streamGetLine(char *buf, int size)
-  { return stream->getLine(buf, size); }
+  { if (type != objStream) return NULL; return stream->getLine(buf, size); }
 
 inline Guint Object::streamGetPos()
-  { return stream->getPos(); }
+  { if (type != objStream) return 0; return stream->getPos(); }
 
 inline void Object::streamSetPos(Guint pos, int dir)
-  { stream->setPos(pos, dir); }
+  { if (type == objStream) stream->setPos(pos, dir); }
 
 inline Dict *Object::streamGetDict()
-  { return stream->getDict(); }
+  { if (type != objStream) return NULL; return stream->getDict(); }
 
 #endif
reply via email to
[Prev in Thread] Current Thread [Next in Thread]