From ad239714b0f9fb806abfbb0fbe4420e7304cb09f Mon Sep 17 00:00:00 2001
From: Přemysl Janouch
Date: Tue, 2 Oct 2018 23:18:50 +0200
Subject: Add comments about some potential issues

- lack of number range verification
- lack of sanitization when serializing dicts
---
 pdf-simple-sign.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pdf-simple-sign.cpp b/pdf-simple-sign.cpp
index ec2e6ae..a2947dd 100644
--- a/pdf-simple-sign.cpp
+++ b/pdf-simple-sign.cpp
@@ -301,6 +301,7 @@ static std::string pdf_serialize(const pdf_object& o) {
 {
 std::string s;
 for (const auto i : o.dict)
+// FIXME the key is also supposed to be escaped by pdf_serialize()
 s += " /" + i.first + " " + pdf_serialize(i.second);
 return "<<" + s + " >>";
 }
@@ -543,6 +544,7 @@ std::string pdf_updater::initialize() {
 const auto prev_offset = trailer.dict.find("Prev");
 if (prev_offset == trailer.dict.end())
 break;
+// FIXME we don't check for size_t over or underflow
 if (!prev_offset->second.is_integer())
 return "invalid Prev offset";
 xref_offset = prev_offset->second.number;
--
cgit v1.2.3-70-g09d2
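Review bot: The new FIXME in pdf_serialize() names the missing step but not its consequence, and it sits between the `for` header and the loop body, where it reads as annotating the body statement rather than the key handling; I would move it above the `for` and state the risk so the next maintainer can weigh it: `// FIXME dict keys are emitted verbatim; a key containing whitespace or PDF delimiter characters needs the same name escaping pdf_serialize() applies to values, otherwise the emitted dictionary is malformed`. Since `i.first` appears to be a plain string rather than a pdf_object, the comment could also say how the escaping is expected to be reached (presumably by wrapping the key as a name object first — confirm against pdf_object's constructors, which are outside this hunk). Unrelated to the comment itself, the context line `for (const auto i : o.dict)` copies each key/value pair per iteration; `for (const auto& i : o.dict)` avoids that. The enclosing pdf_serialize() starts and ends outside the hunk.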
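Review bot: The added FIXME in pdf_updater::initialize() documents a missing range check on a value read from the input document, but the check itself is a one-liner and the value is parsed from an untrusted file, so it is worth adding now rather than noting: after the `is_integer()` test, `if (prev_offset->second.number < 0) return "invalid Prev offset";` rejects the underflow case before the assignment to `xref_offset`. The upper bound cannot be verified from this hunk alone; if the loaded document's length is known to the updater (the enclosing function starts before the hunk), the same line should also reject offsets at or beyond it, and the comment can then be dropped or narrowed to whatever remains unchecked. If `number` is a floating-point field (the name suggests it but the hunk does not show the type), the comment should say that the conversion to `xref_offset` is what truncates, so a reader knows where the range matters.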