Hello all,
I'd like some opinions about the attached patch for solving
issue #39 [1] in which I have opted against throwing an
exception in order to avoid interrupting processing /Names
arrays in PdfNamesTree::AddToDictionary(PdfObject*, PDFDictionary&)
which would lose information. However, in podofopdfinfo,
against which the issue is reported, logging (which I used
instead of throwing) is disabled, so the log message isn't
output. Is it OK for you if I commit a change enabling that
logging first (before committing the attached patch, which
if there aren't objections, I plan to do tonight ca. 22:00 UTC),
should I alternatively commit both in one, or what do you think?
Best regards, mabri
[1] https://sourceforge.net/p/podofo/tickets/39/
Index: src/doc/PdfNamesTree.cpp
===================================================================
--- src/doc/PdfNamesTree.cpp (revision 1960)
+++ src/doc/PdfNamesTree.cpp (working copy)
@@ -504,7 +504,17 @@
// convert all strings into names
PdfName name( (*it).GetString().GetString() );
++it;
- rDict.AddKey( name, *(it) );
+ if ( it == names.end() )
+ {
+ // logging needs to be enabled for this (e.g. in podofopdfinfo)
+ PdfError::LogMessage( eLogSeverity_Warning,
+ "No reference in /Names array last element in "
+ "object %lu %lu, possible\nexploit attempt!\n",
+ pObj->Reference().ObjectNumber(),
+ pObj->Reference().GenerationNumber() );
+ break;
+ }
+ rDict.AddKey( name, (*it) );
++it;
}
_______________________________________________
Podofo-users mailing list
Podofo-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/podofo-users
