Minor revision

2021-12-08 20:39:02 +01:00 · 2021-12-08 20:39:02 +01:00 · bcb24af926
parent c0927c05dd
commit bcb24af926
2 changed files with 6 additions and 6 deletions
--- a/pdf-simple-sign.cpp
+++ b/pdf-simple-sign.cpp
@ -64,7 +64,7 @@ std::string ssprintf(const std::string& format, Args... args) {
 // -------------------------------------------------------------------------------------------------
 /// PDF token/object thingy.  Objects may be composed either from one or a sequence of tokens.
-/// The PDF Reference doesn't actually speak of tokens.
+/// The PDF Reference doesn't actually speak of tokens, though ISO 32000-1:2008 does.
 struct pdf_object {
  enum type {
    END, NL, COMMENT, NIL, BOOL, NUMERIC, KEYWORD, NAME, STRING,
@ -543,8 +543,8 @@ std::string pdf_updater::initialize() {
    const auto prev_offset = trailer.dict.find("Prev");
    if (prev_offset == trailer.dict.end())
      break;
-    // FIXME we don't check for size_t over or underflow
+    // FIXME do not read offsets and sizes as floating point numbers
-    if (!prev_offset->second.is_integer())
+    if (!prev_offset->second.is_integer() || prev_offset->second.number < 0)
      return "invalid Prev offset";
    xref_offset = prev_offset->second.number;
  }
--- a/pdf/pdf.go
+++ b/pdf/pdf.go
@ -63,9 +63,9 @@ const (
 	Reference
 )
-// Object is a PDF token/object thingy.  Objects may be composed either from
+// Object is a PDF token/object thingy. Objects may be composed either from
 // one or a sequence of tokens. The PDF Reference doesn't actually speak
-// of tokens.
+// of tokens, though ISO 32000-1:2008 does.
 type Object struct {
 	Kind ObjectKind
@ -722,7 +722,7 @@ func NewUpdater(document []byte) (*Updater, error) {
 		if !ok {
 			break
 		}
-		// FIXME: We don't check for size_t over or underflow.
+		// FIXME: Do not read offsets and sizes as floating point numbers.
 		if !prevOffset.IsInteger() {
 			return nil, errors.New("invalid Prev offset")
 		}