PDF: Fix 1-byte overread
An overread may occur if attempting to decrypt an empty string.
Issue introduced during 1.3 development.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66281
micahsnyder committed Feb 2, 2024
1 parent 17c9f5b commit 82491da
Showing 1 changed file with 9 additions and 2 deletions.
11 changes: 9 additions & 2 deletions libclamav/pdfng.c
Expand Up @@ -240,16 +240,23 @@ static char *pdf_decrypt_string(struct pdf_struct *pdf, struct pdf_obj *obj, con
if (pdf->flags & (1 << DECRYPTABLE_PDF)) {
int hex2str_ret;
bool hex_encoded_binary = false;
const char *start = NULL;
const char *end = NULL;

enc = get_enc_method(pdf, obj);

if (*length < 2) {
cli_dbgmsg("pdf_decrypt_string: length < 2\n");
return NULL;
}

// Strip off the leading `<` and trailing `>`
const char *start = in;
start = in;
if (start[0] == '<') {
start++;
hex_encoded_binary = true;
}
const char *end = in + *length;
end = in + *length;
if (end[-1] == '>') {
end--;
}
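
Review bot: The new guard `if (*length < 2)` rejects one-byte inputs as well as the empty string the commit message names, although the only read it protects in this hunk is `end[-1]`, which stays in bounds for any `*length >= 1`. If 2 is the intended minimum (for example because a `<`...`>` pair needs two bytes), say so in a comment next to the check; otherwise a test for zero length would fix the overread without changing how single-byte strings are handled. It would also help triage to include the actual value of `*length` in the `cli_dbgmsg` text, and to confirm that callers treat the new `NULL` return here the same way as the other failure returns of `pdf_decrypt_string`, since those paths are not visible in this hunk.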