I’ve been writing unit tests to check the fixes for various parser related CVEs.

I’m happy to say the fix for CVE-2017-5853 and CVE-2017-6844 prevents overflows 
on 32-bit (Win32) and LP64 (macOS) architectures for a wide range of values. 
I’ve not tested LLP64 (Win64) which may behave differently because sizeof(long) 
!= sizeof(size_t).

I did find 2 problems:

  1.  m_offsets.resize() can throw std::length_error as well as std::bad_alloc. 
The C++ spec also says implementations are allowed to throw other exceptions in 
addition to these as long as they’re derived from the base class 
(std::exception). Currently ReadXRefSubSection throws a std::length_error 
instead of PdfError for large values of nFirstObject and nNumObjects – this 
causes an unhandled exception termination unless the caller is catching 
std::length_error. I think this needs to be fixed for 0.9.6 - the attached patch 
fixes that.

  2.  The PdfError thrown for out-of-range values is ePdfError_ValueOutOfRange 
for some values and ePdfError_InvalidXRef for other values (and the specific 
values change depending on whether the code is compiled for 32-bit or 64-bit). 
I don’t think this is serious enough to fix for 0.9.6 – but the fix would be 
making all the errors in ReadXRefSubSection throw ePdfError_InvalidXRef or 
all throw ePdfError_InvalidXRef.

I can also submit the parser unit tests now, but I was planning to wait 
until the 0.9.6 release was complete.


Mark Rogers - mark.rog...@powermapper.com
PowerMapper Software Ltd - www.powermapper.com
Registered in Scotland No 362274 Quartermile 2 Edinburgh EH3 9GL

Attachment: patch-length-error.diff
Description: patch-length-error.diff
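The exception behaviour described in item 1, as an added example that is not from the attached patch or from PoDoFo itself: an unchecked resize() of the offset table lets std::length_error (or std::bad_alloc, or any other std::exception subclass the implementation chooses) escape to the caller, while the checked variant rejects unrepresentable sizes up front and converts whatever the container still throws into the domain error a caller is actually catching. XRefError, XRefTable, resizeUnchecked/resizeChecked and runAndClassify are names assumed for this illustration, not library identifiers.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <new>
#include <stdexcept>
#include <vector>

// Assumption: stand-in for the library's PdfError, not the real type.
struct XRefError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

struct XRefTable {
    std::vector<uint64_t> m_offsets;

    // "Before" behaviour: nFirstObject + nNumObjects may wrap, and resize()
    // throws std::length_error (n > max_size()) or std::bad_alloc, neither of
    // which is the PdfError a caller expects.
    void resizeUnchecked(size_t nFirstObject, size_t nNumObjects) {
        m_offsets.resize(nFirstObject + nNumObjects);
    }

    // Hardened: reject overflow and over-max_size() values before touching the
    // container, and map anything derived from std::exception that resize()
    // still throws (bad_alloc, or an implementation-specific subclass) to the
    // domain error.
    void resizeChecked(size_t nFirstObject, size_t nNumObjects) {
        if (nNumObjects > std::numeric_limits<size_t>::max() - nFirstObject)
            throw XRefError("xref subsection size overflows size_t");
        const size_t total = nFirstObject + nNumObjects;
        if (total > m_offsets.max_size())
            throw XRefError("xref subsection exceeds vector max_size()");
        try {
            m_offsets.resize(total);
        } catch (const std::exception&) {
            throw XRefError("cannot allocate xref offset table");
        }
    }
};

// Classify what escapes a call, so the two variants can be compared.
enum class Outcome { Ok, LengthError, BadAlloc, XRef, Other };

template <typename Fn>
Outcome runAndClassify(Fn fn) {
    try { fn(); return Outcome::Ok; }
    catch (const XRefError&)         { return Outcome::XRef; }
    catch (const std::length_error&) { return Outcome::LengthError; }
    catch (const std::bad_alloc&)    { return Outcome::BadAlloc; }
    catch (const std::exception&)    { return Outcome::Other; }
}
```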

Podofo-users mailing list