Minor revision

2 files changed, 6 insertions, 6 deletions

diff --git a/pdf-simple-sign.cpp b/pdf-simple-sign.cpp
index 1050fd9..8b9d1fe 100644
--- a/pdf-simple-sign.cpp
+++ b/pdf-simple-sign.cpp
@@ -64,7 +64,7 @@ std::string ssprintf(const std::string& format, Args... args) {
 // -------------------------------------------------------------------------------------------------
 
 /// PDF token/object thingy.  Objects may be composed either from one or a sequence of tokens.
-/// The PDF Reference doesn't actually speak of tokens.
+/// The PDF Reference doesn't actually speak of tokens, though ISO 32000-1:2008 does.
 struct pdf_object {
   enum type {
     END, NL, COMMENT, NIL, BOOL, NUMERIC, KEYWORD, NAME, STRING,
@@ -543,8 +543,8 @@ std::string pdf_updater::initialize() {
     const auto prev_offset = trailer.dict.find("Prev");
     if (prev_offset == trailer.dict.end())
       break;
-    // FIXME we don't check for size_t over or underflow
-    if (!prev_offset->second.is_integer())
+    // FIXME do not read offsets and sizes as floating point numbers
+    if (!prev_offset->second.is_integer() || prev_offset->second.number < 0)
       return "invalid Prev offset";
     xref_offset = prev_offset->second.number;
   }
diff --git a/pdf/pdf.go b/pdf/pdf.go
index 4f1f5e1..e004429 100644
--- a/pdf/pdf.go
+++ b/pdf/pdf.go
@@ -63,9 +63,9 @@ const (
 	Reference
 )
 
-// Object is a PDF token/object thingy.  Objects may be composed either from
+// Object is a PDF token/object thingy. Objects may be composed either from
 // one or a sequence of tokens. The PDF Reference doesn't actually speak
-// of tokens.
+// of tokens, though ISO 32000-1:2008 does.
 type Object struct {
 	Kind ObjectKind
 
@@ -722,7 +722,7 @@ func NewUpdater(document []byte) (*Updater, error) {
 		if !ok {
 			break
 		}
-		// FIXME: We don't check for size_t over or underflow.
+		// FIXME: Do not read offsets and sizes as floating point numbers.
 		if !prevOffset.IsInteger() {
 			return nil, errors.New("invalid Prev offset")
 		}