From bcb24af9265133a4d562c4b2ebbf5f54649639af Mon Sep 17 00:00:00 2001
From: Přemysl Eric Janouch
Date: Wed, 8 Dec 2021 20:39:02 +0100
Subject: Minor revision
---
 pdf-simple-sign.cpp | 6 +++---
 pdf/pdf.go | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/pdf-simple-sign.cpp b/pdf-simple-sign.cpp
index 1050fd9..8b9d1fe 100644
--- a/pdf-simple-sign.cpp
+++ b/pdf-simple-sign.cpp
@@ -64,7 +64,7 @@ std::string ssprintf(const std::string& format, Args... args) {
 // -------------------------------------------------------------------------------------------------
 /// PDF token/object thingy. Objects may be composed either from one or a sequence of tokens.
-/// The PDF Reference doesn't actually speak of tokens.
+/// The PDF Reference doesn't actually speak of tokens, though ISO 32000-1:2008 does.
 struct pdf_object {
 enum type {
 END, NL, COMMENT, NIL, BOOL, NUMERIC, KEYWORD, NAME, STRING,
@@ -543,8 +543,8 @@ std::string pdf_updater::initialize() {
 const auto prev_offset = trailer.dict.find("Prev");
 if (prev_offset == trailer.dict.end())
 break;
- // FIXME we don't check for size_t over or underflow
- if (!prev_offset->second.is_integer())
+ // FIXME do not read offsets and sizes as floating point numbers
+ if (!prev_offset->second.is_integer() || prev_offset->second.number < 0)
 return "invalid Prev offset";
 xref_offset = prev_offset->second.number;
 }
diff --git a/pdf/pdf.go b/pdf/pdf.go
index 4f1f5e1..e004429 100644
--- a/pdf/pdf.go
+++ b/pdf/pdf.go
@@ -63,9 +63,9 @@ const (
 Reference
 )
-// Object is a PDF token/object thingy. Objects may be composed either from
+// Object is a PDF token/object thingy. Objects may be composed either from
 // one or a sequence of tokens. The PDF Reference doesn't actually speak
-// of tokens.
+// of tokens, though ISO 32000-1:2008 does.
 type Object struct {
 Kind ObjectKind
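Review bot: The added `number < 0` test in the `pdf_updater::initialize()` hunk (@@ -543) still leaves `Prev` unbounded above, so `xref_offset = prev_offset->second.number;` can receive a value past the end of the document or, since the FIXME says offsets are parsed as floating point, one that does not fit the destination integer type, which is undefined behaviour for a floating-to-integer conversion in C++. `Prev` comes from the file being signed and should be treated as untrusted, so extend the guard with an upper bound against the document length, e.g. `|| prev_offset->second.number >= <document length>` (the buffer's name is not visible in this hunk). The matching `NewUpdater` hunk in pdf/pdf.go changes only the FIXME and keeps the bare `IsInteger()` test, so it presumably wants both the sign check and the bound. The enclosing loop starts and ends outside both hunks, so whether the Prev chain is protected against cycles cannot be judged from here.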
@@ -722,7 +722,7 @@ func NewUpdater(document []byte) (*Updater, error) {
 if !ok {
 break
 }
- // FIXME: We don't check for size_t over or underflow.
+ // FIXME: Do not read offsets and sizes as floating point numbers.
 if !prevOffset.IsInteger() {
 return nil, errors.New("invalid Prev offset")
 }
--
cgit v1.2.3-70-g09d2