11942 - fixing heap overflow in handle_pdfname. Patch submitted by Suleman Ali.

Mickey Sola
2017-10-30 17:33:19 -04:00
parent f75c04b0c4
commit c8ba4ae2e4


@@ -1237,7 +1237,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch
}
/* record filter order */
if ((*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS))
if (obj->numfilters < PDF_FILTERLIST_MAX && (*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS))
obj->filterlist[obj->numfilters++] = act->set_objflag;
if ((act->nameflags & NAMEFLAG_HEURISTIC) && escapes) {
@@ -1255,7 +1255,7 @@ static void handle_pdfname(struct pdf_struct *pdf, struct pdf_obj *obj, const ch
if (act->from_state == *state || act->from_state == STATE_ANY) {
*state = act->to_state;
if (*state == STATE_FILTER && act->set_objflag !=OBJ_DICT && (obj->flags & (1 << act->set_objflag))) {
if (*state == STATE_FILTER && act->set_objflag != OBJ_DICT && (obj->flags & (1 << act->set_objflag))) {
cli_dbgmsg("cli_pdf: duplicate stream filter %s\n", pdfname);
pdfobj_flag(pdf, obj, BAD_STREAM_FILTERS);
}
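Review bot: In the first hunk, the new `obj->numfilters < PDF_FILTERLIST_MAX` test stops the out-of-bounds write to `obj->filterlist`, but once the list is full every further known filter is dropped without any trace. The recorded filter order then no longer matches the object, and anything that consumes `filterlist` later works from a truncated list. I would keep the state/filter test as the outer condition and give the bound check an else branch that logs through `cli_dbgmsg` and marks the object, for example with the `BAD_STREAM_FILTERS` flag the second hunk already uses for duplicate filters (assuming that flag's meaning fits; its definition is not visible here). This also assumes `filterlist` is declared with `PDF_FILTERLIST_MAX` entries, which the page does not show. The body of `handle_pdfname` starts and ends outside both hunks.

```c
/* record filter order */
if ((*state == STATE_FILTER) && ((1 << act->set_objflag) & KNOWN_FILTERS)) {
    if (obj->numfilters < PDF_FILTERLIST_MAX) {
        obj->filterlist[obj->numfilters++] = act->set_objflag;
    } else {
        /* list full: report the excess filter instead of dropping it silently */
        cli_dbgmsg("cli_pdf: too many stream filters, not recording %s\n", pdfname);
        pdfobj_flag(pdf, obj, BAD_STREAM_FILTERS);
    }
}
/* … unchanged: NAMEFLAG_HEURISTIC handling and state transition … */
```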