Security: better bounds checks for linearization data

The faulty code was only used during explicit checks of linearization data. Those checks are not part of normal reading or writing of PDF files.
author: Jay Berkenbilt <ejb@ql.org> 2013-10-05 12:26:06 +0200
committer: Jay Berkenbilt <ejb@ql.org> 2013-10-10 01:50:09 +0200
commit: 3eb4b066ab3f25f6454214d33b2fc17161812dfa (patch)
tree: c6e71e5ed387d5d728e13fcdd57b1bca94c41e50 /ChangeLog
parent: b097d7a81b5c9cb349fff5c1efe6a0c390025579 (diff)
download: qpdf-3eb4b066ab3f25f6454214d33b2fc17161812dfa.tar.zst
1 files changed, 7 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 7440f632..8a10865f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,12 @@
 2013-10-05  Jay Berkenbilt  <ejb@ql.org>
 
+	* Security fix: avoid buffer overrun that could be caused by bogus
+	data in linearization hint streams.  The incorrect code could only
+	be triggered when checking linearization data, which must be
+	invoked explicitly.  qpdf does not check linearization data when
+	reading or writing linearized files, but the qpdf --check command
+	does check linearization data.
+
 	* Security fix: properly handle empty strings in
 	QPDF_Name::normalizeName.  The empty string is not a valid name
 	and would never be parsed as a name, so there were no known
author	Jay Berkenbilt <ejb@ql.org>	2013-10-05 12:26:06 +0200
committer	Jay Berkenbilt <ejb@ql.org>	2013-10-10 01:50:09 +0200
commit	3eb4b066ab3f25f6454214d33b2fc17161812dfa (patch)
tree	c6e71e5ed387d5d728e13fcdd57b1bca94c41e50 /ChangeLog
parent	b097d7a81b5c9cb349fff5c1efe6a0c390025579 (diff)
download	qpdf-3eb4b066ab3f25f6454214d33b2fc17161812dfa.tar.zst