Make sure DecryptAESState::bufIdx is never bigger than 16, otherwise we crash

I am not sure this is the correct fix, but fixes crash on files of bugs 13972, 16092 and 17523 and they seem to work ok
author: Albert Astals Cid <aacid@kde.org> 2008-09-12 12:05:53 +0200
committer: Albert Astals Cid <aacid@kde.org> 2008-09-12 12:05:53 +0200
commit: 951cffeb2cbff4e179043033b5ac7f5eb764d6dc (patch)
tree: 31be82bddb427bb1eb41f4695c88f563d192d582 /poppler/Decrypt.cc
parent: 491109edbe827860e764b5fcb67456867923858d (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/poppler/Decrypt.cc b/poppler/Decrypt.cc
index d9f14925..50f97bd2 100644
--- a/poppler/Decrypt.cc
+++ b/poppler/Decrypt.cc
@@ -30,6 +30,7 @@
 #include <string.h>
 #include "goo/gmem.h"
 #include "Decrypt.h"
+#include "Error.h"
 
 static void rc4InitKey(Guchar *key, int keyLen, Guchar *state);
 static Guchar rc4DecryptByte(Guchar *state, Guchar *x, Guchar *y, Guchar c);
@@ -614,6 +615,11 @@ static void aesDecryptBlock(DecryptAESState *s, Guchar *in, GBool last) {
       s->buf[i] = s->buf[i-n];
     }
     s->bufIdx = n;
+    if (n > 16)
+    {
+      error(-1, "Reducing bufIdx from %d to 16 to not crash", n);
+      s->bufIdx = 16;
+    }
   }
 }
author	Albert Astals Cid <aacid@kde.org>	2008-09-12 12:05:53 +0200
committer	Albert Astals Cid <aacid@kde.org>	2008-09-12 12:05:53 +0200
commit	951cffeb2cbff4e179043033b5ac7f5eb764d6dc (patch)
tree	31be82bddb427bb1eb41f4695c88f563d192d582 /poppler/Decrypt.cc
parent	491109edbe827860e764b5fcb67456867923858d (diff)