According to OpenSSL 1.1.0 documentation[1], "the decrypted data buffer out passed to the EVP_DecryptUpdate() should have sufficient room for (inl + cipher_block_size) bytes". In TesEncrypt(), pDecryptedBuffer has the exactly the size of the known clear text, which sounds correct but it's currently violating the contract of EVP_DecryptUpdate() used in PdfEncryptAESBase::BaseDecrypt() and causing a buffer overflow detected by MSVC when running the the test in Debug build . Fix TestEncrypt() so the out data buffer will end having exactly inl + cipher_clock_size.
[1] https://www.openssl.org/docs/man1.1.0/crypto/EVP_DecryptUpdate.html
fix-buffer-overflow-TestEncrypt.diff
Description: Binary data
_______________________________________________ Podofo-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/podofo-users
