diff options
author | yzrh <yzrh@noema.org> | 2022-12-29 03:58:22 +0000 |
---|---|---|
committer | yzrh <yzrh@noema.org> | 2022-12-29 04:05:34 +0000 |
commit | cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b (patch) | |
tree | 1f398090b9382fc8cbb6bfea1249fbf966945eb6 /src | |
parent | 988a751c15b43942b20ed437a15d6da6945aa883 (diff) | |
download | melon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.gz melon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.zst |
Fix buffer overflow when object size is less than 8 bytes.
Signed-off-by: yzrh <yzrh@noema.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/pdf_parser.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/pdf_parser.c b/src/pdf_parser.c index 3b29c52..b4470f9 100644 --- a/src/pdf_parser.c +++ b/src/pdf_parser.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020-2021, yzrh <yzrh@noema.org> + * Copyright (c) 2020-2022, yzrh <yzrh@noema.org> * * SPDX-License-Identifier: Apache-2.0 */ @@ -126,6 +126,7 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf) pdf_object_t *ptr = (*pdf)->next; + char str[8]; char *buf; char *head; char *tail; @@ -140,11 +141,11 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf) memset(buf, 0, ptr->size); fseek(*fp, ptr->address - 12, SEEK_SET); - fread(buf, 8, 1, *fp); + fread(str, 8, 1, *fp); for (int i = 0; i < 8; i++) { - if (buf[i] >= '0' && buf[i] <= '9') { - ptr->id = atoi(buf + i); + if (str[i] >= '0' && str[i] <= '9') { + ptr->id = atoi(str + i); break; } } |