From ad239714b0f9fb806abfbb0fbe4420e7304cb09f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C5=99emysl=20Janouch?= <p@janouch.name>
Date: Tue, 2 Oct 2018 23:18:50 +0200
Subject: Add comments about some potential issues

 - lack of number range verification
 - lack of sanitization when serializing dicts
---
 pdf-simple-sign.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/pdf-simple-sign.cpp b/pdf-simple-sign.cpp
index ec2e6ae..a2947dd 100644
--- a/pdf-simple-sign.cpp
+++ b/pdf-simple-sign.cpp
@@ -301,6 +301,7 @@ static std::string pdf_serialize(const pdf_object& o) {
   {
     std::string s;
     for (const auto i : o.dict)
+      // FIXME the key is also supposed to be escaped by pdf_serialize()
       s += " /" + i.first + " " + pdf_serialize(i.second);
     return "<<" + s + " >>";
   }
@@ -543,6 +544,7 @@ std::string pdf_updater::initialize() {
     const auto prev_offset = trailer.dict.find("Prev");
     if (prev_offset == trailer.dict.end())
       break;
+    // FIXME we don't check for size_t over or underflow
     if (!prev_offset->second.is_integer())
       return "invalid Prev offset";
     xref_offset = prev_offset->second.number;
-- 
cgit v1.2.3