Add comments about some potential issues
- lack of number range verification - lack of sanitization when serializing dicts
parent
daa9cc1ed4
commit
ad239714b0
|
@ -301,6 +301,7 @@ static std::string pdf_serialize(const pdf_object& o) {
|
||||||
{
|
{
|
||||||
std::string s;
|
std::string s;
|
||||||
for (const auto i : o.dict)
|
for (const auto i : o.dict)
|
||||||
|
// FIXME the key is also supposed to be escaped by pdf_serialize()
|
||||||
s += " /" + i.first + " " + pdf_serialize(i.second);
|
s += " /" + i.first + " " + pdf_serialize(i.second);
|
||||||
return "<<" + s + " >>";
|
return "<<" + s + " >>";
|
||||||
}
|
}
|
||||||
|
@ -543,6 +544,7 @@ std::string pdf_updater::initialize() {
|
||||||
const auto prev_offset = trailer.dict.find("Prev");
|
const auto prev_offset = trailer.dict.find("Prev");
|
||||||
if (prev_offset == trailer.dict.end())
|
if (prev_offset == trailer.dict.end())
|
||||||
break;
|
break;
|
||||||
|
// FIXME we don't check for size_t over or underflow
|
||||||
if (!prev_offset->second.is_integer())
|
if (!prev_offset->second.is_integer())
|
||||||
return "invalid Prev offset";
|
return "invalid Prev offset";
|
||||||
xref_offset = prev_offset->second.number;
|
xref_offset = prev_offset->second.number;
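Review bot: The assignment `xref_offset = prev_offset->second.number;` at the end of the second hunk still takes the Prev value straight from the trailer, and the new FIXME names the problem without saying which values are acceptable. Because the trailer is read from the file being updated, a negative or oversized number would become the next cross-reference offset; if `number` is a signed or floating-point type (not visible here), the conversion to the offset type can wrap or be undefined. A guard before the assignment, such as `if (prev_offset->second.number < 0) return "invalid Prev offset";` together with a comparison against the length of the document, would close this, and the comment could then state the accepted range. The enclosing loop in pdf_updater::initialize() starts and ends outside the hunk. In the first hunk the FIXME on the dictionary key could likewise say that `i.first` is written unescaped, so a key containing whitespace or PDF delimiters changes the structure of the emitted dictionary.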
|
||||||
|
|