diff options
authorTor Lillqvist <>2015-02-24 17:39:29 +0200
committerAndras Timar <>2015-03-05 16:45:14 +0100
commit5cf3b2d51cb439a07bc067fa401588d2d9ee6fae (patch)
parent10dd512d4d6fa446dc7014ef9274a2565a834c08 (diff)
tdf#84881: Bump MAX_SIGNATURE_CONTENT_LENGTH to 50000 for now
Note that checks in the code against exceeding that limit apparently are broken, though. After the previous change I ended up with an invalid PDF where the signature hex string in the output PDF had brutally overrun its allocation. Now Adobe Reader says "The signature includes an embedded timestamp but it could not be verified". This is progress. Perhaps I just need to tell Adobe Reader to trust the certificate from the TSA I used. (cherry picked from commit ca2d878659400b783ae72267f47d0c719b50a1ad) Conflicts: vcl/source/gdi/pdfwriter_impl.cxx Change-Id: I1e8644ee641592a985e0190b52bf76839f99b3e7
1 files changed, 14 insertions, 1 deletions
diff --git a/vcl/source/gdi/pdfwriter_impl.cxx b/vcl/source/gdi/pdfwriter_impl.cxx
index 3fc15fa421c9..10cbe473eb28 100644
--- a/vcl/source/gdi/pdfwriter_impl.cxx
+++ b/vcl/source/gdi/pdfwriter_impl.cxx
@@ -103,7 +103,20 @@ using namespace vcl;
#if !defined(ANDROID) && !defined(IOS)
+// Is this length truly the maximum possible, or just a number that
+// seemed large enough when the author tested this (with some type of
+// certificates)? I suspect the latter.
+// Used to be 0x4000 = 16384, but a sample signed PDF (produced by
+// some other software) provided by the customer has a signature
+// content that is 30000 bytes. The SampleSignedPDFDocument.pdf from
+// Adobe has one that is 21942 bytes. So let's be careful. Pity this
+// can't be dynamic, at least not without restructuring the code. Also
+// note that the checks in the code for this being too small
+// apparently are broken, if this overflows you end up with an invalid
+// PDF. Need to fix that.
#ifdef DO_TEST_PDF