You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@pdfbox.apache.org by ti...@apache.org on 2020/06/10 06:16:53 UTC
svn commit: r1878700 -
/pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/pfb/PfbParser.java
Author: tilman
Date: Wed Jun 10 06:16:53 2020
New Revision: 1878700
URL: http://svn.apache.org/viewvc?rev=1878700&view=rev
Log:
PDFBOX-4866: avoid IndexOutOfBoundsException
Modified:
pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/pfb/PfbParser.java
Modified: pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/pfb/PfbParser.java
URL: http://svn.apache.org/viewvc/pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/pfb/PfbParser.java?rev=1878700&r1=1878699&r2=1878700&view=diff
==============================================================================
--- pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/pfb/PfbParser.java (original)
+++ pdfbox/branches/2.0/fontbox/src/main/java/org/apache/fontbox/pfb/PfbParser.java Wed Jun 10 06:16:53 2020
@@ -140,11 +140,21 @@ public class PfbParser
size += in.read() << 8;
size += in.read() << 16;
size += in.read() << 24;
+ if (size < 0)
+ {
+ throw new IOException("PFB record size is negative: " + size);
+ }
lengths[records] = size;
if (pointer >= pfbdata.length)
{
throw new EOFException("attempted to read past EOF");
}
+ if (size > pfbdata.length - pointer)
+ {
+ throw new IOException("PFB record size (" + size +
+ ") doesn't fit in buffer, position: " + pointer +
+ ", total length: " + pfbdata.length);
+ }
int got = in.read(pfbdata, pointer, size);
if (got < 0)
{