Hi! I cleaned up your code for you! #1
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ignogueiras
pushed a commit
to Gradiant/PDF-Writer
that referenced
this pull request
Jul 29, 2020
…pic_flag to master * commit 'f7a1350e2f9c97e7bba41636feb5874b51de53fb': Corrected eerror in fPIC flag application added -fPIC flag to build
eknoes
added a commit
to eknoes/PDF-Writer
that referenced
this pull request
Jun 16, 2024
The /Prev value describes an offset from the start of a file.
Thus, a negative /Prev value can lead to a heap buffer overflow (read)
which is detected with -fsanitize=adress:
==3957970==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7ffff555f49a at pc 0x5555556e89ae bp 0x7fffffffc400 sp 0x7fffffffbbc0
READ of size 1 at 0x7ffff555f49a thread T0
[Detaching after fork from child process 3957971]
#0 0x5555556e89ad in __asan_memcpy (PDF-Writer/build/PDFFuzzHarness+0x1949ad) (BuildId: e0c027e66daf6a9d)
galkahana#1 0x555555737c25 in InputByteArrayStream::Read(unsigned char*, unsigned long) PDF-Writer/PDFWriter/InputByteArrayStream.cpp:58:3
galkahana#2 0x5555557cf25b in PDFParserTokenizer::GetNextByteForToken(unsigned char&) PDF-Writer/PDFWriter/PDFParserTokenizer.cpp:376:20
galkahana#3 0x5555557cee1c in PDFParserTokenizer::SkipTillToken() PDF-Writer/PDFWriter/PDFParserTokenizer.cpp:351:6
galkahana#4 0x5555557cb33e in PDFParserTokenizer::GetNextToken[abi:cxx11]() PDF-Writer/PDFWriter/PDFParserTokenizer.cpp:79:3
galkahana#5 0x5555557768dd in PDFObjectParser::GetNextToken(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&) PDF-Writer/PDFWriter/PDFObjectParser.cpp:252:33
galkahana#6 0x555555774d07 in PDFObjectParser::ParseNewObject() PDF-Writer/PDFWriter/PDFObjectParser.cpp:98:7
galkahana#7 0x555555752eaa in PDFParser::ParsePreviousFileDirectory(long long, std::vector<XrefEntryInput, std::allocator<XrefEntryInput>>&, unsigned long, PDFDictionary**, unsigned long*) PDF-Writer/PDFWriter/PDFParser.cpp:1117:49
galkahana#8 0x555555745b7b in PDFParser::ParsePreviousXrefs(PDFDictionary*) PDF-Writer/PDFWriter/PDFParser.cpp:1084:12
galkahana#9 0x555555745db9 in PDFParser::ParsePreviousXrefs(PDFDictionary*) PDF-Writer/PDFWriter/PDFParser.cpp:1091:13
galkahana#10 0x555555743e55 in PDFParser::BuildXrefTableFromTable() PDF-Writer/PDFWriter/PDFParser.cpp:500:13
galkahana#11 0x55555573e90f in PDFParser::ParseFileDirectory() PDF-Writer/PDFWriter/PDFParser.cpp:1269:13
galkahana#12 0x55555573b436 in PDFParser::StartPDFParsing(IByteReaderWithPosition*, PDFParsingOptions const&) PDF-Writer/PDFWriter/PDFParser.cpp:120:12
0x7ffff555f49a is located 870 bytes before 1048576-byte region [0x7ffff555f800,0x7ffff565f800)
allocated by thread T0 here
galkahana
pushed a commit
that referenced
this pull request
Jun 22, 2024
* bug: do not allow negative /Prev value
The /Prev value describes an offset from the start of a file.
Thus, a negative /Prev value can lead to a heap buffer overflow (read)
which is detected with -fsanitize=adress:
==3957970==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7ffff555f49a at pc 0x5555556e89ae bp 0x7fffffffc400 sp 0x7fffffffbbc0
READ of size 1 at 0x7ffff555f49a thread T0
[Detaching after fork from child process 3957971]
#0 0x5555556e89ad in __asan_memcpy (PDF-Writer/build/PDFFuzzHarness+0x1949ad) (BuildId: e0c027e66daf6a9d)
#1 0x555555737c25 in InputByteArrayStream::Read(unsigned char*, unsigned long) PDF-Writer/PDFWriter/InputByteArrayStream.cpp:58:3
#2 0x5555557cf25b in PDFParserTokenizer::GetNextByteForToken(unsigned char&) PDF-Writer/PDFWriter/PDFParserTokenizer.cpp:376:20
#3 0x5555557cee1c in PDFParserTokenizer::SkipTillToken() PDF-Writer/PDFWriter/PDFParserTokenizer.cpp:351:6
#4 0x5555557cb33e in PDFParserTokenizer::GetNextToken[abi:cxx11]() PDF-Writer/PDFWriter/PDFParserTokenizer.cpp:79:3
#5 0x5555557768dd in PDFObjectParser::GetNextToken(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>&) PDF-Writer/PDFWriter/PDFObjectParser.cpp:252:33
#6 0x555555774d07 in PDFObjectParser::ParseNewObject() PDF-Writer/PDFWriter/PDFObjectParser.cpp:98:7
#7 0x555555752eaa in PDFParser::ParsePreviousFileDirectory(long long, std::vector<XrefEntryInput, std::allocator<XrefEntryInput>>&, unsigned long, PDFDictionary**, unsigned long*) PDF-Writer/PDFWriter/PDFParser.cpp:1117:49
#8 0x555555745b7b in PDFParser::ParsePreviousXrefs(PDFDictionary*) PDF-Writer/PDFWriter/PDFParser.cpp:1084:12
#9 0x555555745db9 in PDFParser::ParsePreviousXrefs(PDFDictionary*) PDF-Writer/PDFWriter/PDFParser.cpp:1091:13
#10 0x555555743e55 in PDFParser::BuildXrefTableFromTable() PDF-Writer/PDFWriter/PDFParser.cpp:500:13
#11 0x55555573e90f in PDFParser::ParseFileDirectory() PDF-Writer/PDFWriter/PDFParser.cpp:1269:13
#12 0x55555573b436 in PDFParser::StartPDFParsing(IByteReaderWithPosition*, PDFParsingOptions const&) PDF-Writer/PDFWriter/PDFParser.cpp:120:12
0x7ffff555f49a is located 870 bytes before 1048576-byte region [0x7ffff555f800,0x7ffff565f800)
allocated by thread T0 here
* bug: always clamp mCurrentPosition when argument can be negative.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hi there!
This is WhitespaceBot. I'm an open-source robot that removes trailing white space in your code, and gives you a gitignore file if you didn't have one!
Why whitespace? Whitespace is an eyesore for developers who use text editors with dark themes. It's not a huge deal, but it's a bit annoying if you use Vim in a terminal. Really, I'm just a proof of concept - GitHub's V3 API allows robots to automatically improve open source projects, and that's really cool. Hopefully, somebody, maybe you!, will fork me and make me even more useful. My owner is funding a bounty to anybody who can add security fixing features to me.
I've only cleaned your most popular project, and I've added you to a list of users not to contact again, so you won't get any more pull requests from me unless you ask. If I'm misbehaving, please email my owner and tell him to turn me off! If this is pull request is of no use to you, please just ignore it.
Thanks!
WhiteSpacebot from Gun.io.