Add comments about some potential issues

- lack of number range verification - lack of sanitization when serializing dicts
2018-10-02 23:18:50 +02:00 · 2018-10-02 23:18:50 +02:00 · ad239714b0
parent daa9cc1ed4
commit ad239714b0
1 changed files with 2 additions and 0 deletions
--- a/pdf-simple-sign.cpp
+++ b/pdf-simple-sign.cpp
@ -301,6 +301,7 @@ static std::string pdf_serialize(const pdf_object& o) {
  {
    std::string s;
    for (const auto i : o.dict)
+      // FIXME the key is also supposed to be escaped by pdf_serialize()
      s += " /" + i.first + " " + pdf_serialize(i.second);
    return "<<" + s + " >>";
  }
@ -543,6 +544,7 @@ std::string pdf_updater::initialize() {
    const auto prev_offset = trailer.dict.find("Prev");
    if (prev_offset == trailer.dict.end())
      break;
+    // FIXME we don't check for size_t over or underflow
    if (!prev_offset->second.is_integer())
      return "invalid Prev offset";
    xref_offset = prev_offset->second.number;