author Jay Berkenbilt <ejb@ql.org> 2013-10-05 17:30:27 +0200
committer Jay Berkenbilt <ejb@ql.org> 2013-10-10 02:57:14 +0200
commit 0bfe9024893ebb1f62108fe6c24410e6ba589c3e (patch)
tree fdfce5d27bfb482042105e1ba61d46e56294905e /ChangeLog
parent 10bceb552f1cfd2ddae3c8bfd7d9b38a66e710c4 (diff)
Security: avoid pre-allocating vectors based on file data
In places where std::vector<T>(size_t) was used, either validate that the size parameter is sane or refactor code to avoid the need to pre-allocate the vector.
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 6
1 files changed, 6 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 124a086d..f87c4418 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
2013-10-05 Jay Berkenbilt <ejb@ql.org>
+ * Security fix: In places where std::vector<T>(size_t) was used,
+ either validate that the size parameter is sane or refactor code
+ to avoid the need to pre-allocate the vector. This reduces the
+ likelihood of allocating a lot of memory in response to invalid
+ data in linearization hint streams.
+
* Security fix: sanitize /W array in cross reference stream to
avoid a potential integer overflow in a multiplication. It is
unlikely that any exploits were possible from this bug as
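Review bot: The new entry at the top of this hunk says the size parameter is validated to be "sane" but does not state the bound or what the size is compared against, so someone auditing the fix cannot tell from the ChangeLog which inputs are now rejected. Suggest stating the criterion and naming the affected code, since the entry gives linearization hint streams as the only concrete case while "In places where std::vector<T>(size_t) was used" reads as broader. The phrase "reduces the likelihood" also implies that large allocations driven by file data may still be possible; if so, say where, so that users processing untrusted PDFs know whether they still need an external memory limit.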