Fix buffer overflow when object size is less than 8 bytes.

Signed-off-by: yzrh <yzrh@noema.org>
author: yzrh <yzrh@noema.org> 2022-12-29 03:58:22 +0000
committer: yzrh <yzrh@noema.org> 2022-12-29 04:05:34 +0000
commit: cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b (patch)
tree: 1f398090b9382fc8cbb6bfea1249fbf966945eb6 /src
parent: 988a751c15b43942b20ed437a15d6da6945aa883 (diff)
download: melon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.gz
melon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.zst
1 files changed, 5 insertions, 4 deletions
diff --git a/src/pdf_parser.c b/src/pdf_parser.c
index 3b29c52..b4470f9 100644
--- a/src/pdf_parser.c
+++ b/src/pdf_parser.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020-2021, yzrh <yzrh@noema.org>
+ * Copyright (c) 2020-2022, yzrh <yzrh@noema.org>
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -126,6 +126,7 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 
 	pdf_object_t *ptr = (*pdf)->next;
 
+	char str[8];
 	char *buf;
 	char *head;
 	char *tail;
@@ -140,11 +141,11 @@ pdf_load(pdf_object_t **pdf, FILE **fp, int size_buf)
 		memset(buf, 0, ptr->size);
 
 		fseek(*fp, ptr->address - 12, SEEK_SET);
-		fread(buf, 8, 1, *fp);
+		fread(str, 8, 1, *fp);
 
 		for (int i = 0; i < 8; i++) {
-			if (buf[i] >= '0' && buf[i] <= '9') {
-				ptr->id = atoi(buf + i);
+			if (str[i] >= '0' && str[i] <= '9') {
+				ptr->id = atoi(str + i);
 				break;
 			}
 		}
author	yzrh <yzrh@noema.org>	2022-12-29 03:58:22 +0000
committer	yzrh <yzrh@noema.org>	2022-12-29 04:05:34 +0000
commit	cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b (patch)
tree	1f398090b9382fc8cbb6bfea1249fbf966945eb6 /src
parent	988a751c15b43942b20ed437a15d6da6945aa883 (diff)
download	melon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.gz melon-cd0af5ba3ceee50b1c8a287149b48b2f4cb7ce0b.tar.zst