diff options
author | Albert Astals Cid <aacid@kde.org> | 2008-09-12 12:05:53 +0200 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2008-09-12 12:05:53 +0200 |
commit | 951cffeb2cbff4e179043033b5ac7f5eb764d6dc (patch) | |
tree | 31be82bddb427bb1eb41f4695c88f563d192d582 /poppler/Decrypt.cc | |
parent | 491109edbe827860e764b5fcb67456867923858d (diff) |
Make sure DecryptAESState::bufIdx is never bigger than 16, otherwise we crash
I am not sure this is the correct fix, but fixes crash on files of bugs 13972, 16092 and 17523 and they seem to work ok
Diffstat (limited to 'poppler/Decrypt.cc')
-rw-r--r-- | poppler/Decrypt.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc index d9f14925..50f97bd2 100644 --- a/poppler/Decrypt.cc +++ b/poppler/Decrypt.cc @@ -30,6 +30,7 @@ #include <string.h> #include "goo/gmem.h" #include "Decrypt.h" +#include "Error.h" static void rc4InitKey(Guchar *key, int keyLen, Guchar *state); static Guchar rc4DecryptByte(Guchar *state, Guchar *x, Guchar *y, Guchar c); @@ -614,6 +615,11 @@ static void aesDecryptBlock(DecryptAESState *s, Guchar *in, GBool last) { s->buf[i] = s->buf[i-n]; } s->bufIdx = n; + if (n > 16) + { + error(-1, "Reducing bufIdx from %d to 16 to not crash", n); + s->bufIdx = 16; + } } } |