diff options
author | Jay Berkenbilt <ejb@ql.org> | 2013-10-06 01:42:39 +0200 |
---|---|---|
committer | Jay Berkenbilt <ejb@ql.org> | 2013-10-18 16:45:14 +0200 |
commit | ac9c1f0d560540fda821b2775a475c71b47cb3a0 (patch) | |
tree | 20acd9a49718d0dd4efc15fd2e7b37a6c09c75a2 /libqpdf/QPDF.cc | |
parent | 4229457068d6a28cc11b506f127a7bb650ab18c1 (diff) | |
download | qpdf-ac9c1f0d560540fda821b2775a475c71b47cb3a0.tar.zst |
Security: replace operator[] with at
For std::string and std::vector, replace operator[] with at. This was
done using an automated process. See README.hardening for details.
Diffstat (limited to 'libqpdf/QPDF.cc')
-rw-r--r-- | libqpdf/QPDF.cc | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc index 39fd7208..26efaa78 100644 --- a/libqpdf/QPDF.cc +++ b/libqpdf/QPDF.cc @@ -531,7 +531,7 @@ QPDF::read_xrefTable(qpdf_offset_t xref_offset) // For xref_table, these will always be small enough to be ints qpdf_offset_t f1 = QUtil::string_to_ll(m2.getMatch(1).c_str()); int f2 = atoi(m2.getMatch(2).c_str()); - char type = m2.getMatch(3)[0]; + char type = m2.getMatch(3).at(0); if (type == 'f') { // Save deleted items until after we've checked the @@ -758,17 +758,17 @@ QPDF::processXRefStream(qpdf_offset_t xref_offset, QPDFObjectHandle& xref_obj) long long num_entries = 0; for (unsigned int i = 1; i < indx.size(); i += 2) { - if (indx[i] > max_num_entries - num_entries) + if (indx.at(i) > max_num_entries - num_entries) { throw QPDFExc(qpdf_e_damaged_pdf, this->file->getName(), "xref stream", xref_offset, "Cross-reference stream claims to contain" " too many entries: " + - QUtil::int_to_string(indx[i]) + " " + + QUtil::int_to_string(indx.at(i)) + " " + QUtil::int_to_string(max_num_entries) + " " + QUtil::int_to_string(num_entries)); } - num_entries += indx[i]; + num_entries += indx.at(i); } // entry_size and num_entries have both been validated to ensure @@ -829,9 +829,9 @@ QPDF::processXRefStream(qpdf_offset_t xref_offset, QPDFObjectHandle& xref_obj) // based on /Index. The generation number is 0 unless this is // an uncompressed object record, in which case the generation // number appears as the third field. - int obj = indx[cur_chunk] + chunk_count; + int obj = indx.at(cur_chunk) + chunk_count; ++chunk_count; - if (chunk_count >= indx[cur_chunk + 1]) + if (chunk_count >= indx.at(cur_chunk + 1)) { cur_chunk += 2; chunk_count = 0; |