aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authoryzrh <yzrh@noema.org>2022-12-29 03:58:22 +0000
committeryzrh <yzrh@noema.org>2022-12-29 04:05:34 +0000
commitcd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b (patch)
tree1f398090b9382fc8cbb6bfea1249fbf966945eb6 /src
parent988a751c15b43942b20ed437a15d6da6945aa883 (diff)
downloadmelon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.gz
melon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.zst
Fix buffer overflow when object size is less than 8 bytes.
Signed-off-by: yzrh <yzrh@noema.org>
Diffstat (limited to 'src')
-rw-r--r--src/pdf_parser.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/src/pdf_parser.c b/src/pdf_parser.c
index 3b29c52..b4470f9 100644
--- a/src/pdf_parser.c
+++ b/src/pdf_parser.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2020-2021, yzrh <yzrh@noema.org>
+ * Copyright (c) 2020-2022, yzrh <yzrh@noema.org>
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -126,6 +126,7 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
pdf_object_t *ptr = (*pdf)->next;
+ char str[8];
char *buf;
char *head;
char *tail;
@@ -140,11 +141,11 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
memset(buf, 0, ptr->size);
fseek(*fp, ptr->address - 12, SEEK_SET);
- fread(buf, 8, 1, *fp);
+ fread(str, 8, 1, *fp);
for (int i = 0; i < 8; i++) {
- if (buf[i] >= '0' && buf[i] <= '9') {
- ptr->id = atoi(buf + i);
+ if (str[i] >= '0' && str[i] <= '9') {
+ ptr->id = atoi(str + i);
break;
}
}