#1 Re: Source Code repository » Github pull requests » 2022-04-11 11:19:56

Thank you for the fix.

According the 248 max value, I just analyzed the situation from an algorithmic point of view in the scope of the function, but if this is a known limitation documented as such, that's fine.

#2 Re: Source Code repository » Github pull requests » 2022-04-11 07:44:16

Hi Arnaud,
Thank you for taking the time to review my request.

I'm not sure we are talking about the same thing. You're talking about the destination array, and I agree, buffer overflow is safe since sourceLen is maxed to 248 (although this is not 32-bit correct, but I will talk about it later (*)).
My pull request concern a buffer overrun on the source array in the case that sourceLen is a multiple a of 8 (64 bits) or 4 (32 bits). Let me give an example to illustrate it:

In 64 bits: if source sourceLen = 16, then sourceLen shr 3 = 2. So we'll iterate 3 times in the for loop (0 to 2), while we should iterate only 2 times (2 packets of 8 bytes), the 3rd iteration leads to a buffer overrun.
In 32 bits: if source sourceLen = 16, then sourceLen shr 2 = 4. So we'll iterate 5 times in the for loop (0 to 4), while we should iterate only 4 times (4 packets of 4 bytes), the 5th iteration leads to a buffer overrun.

I introduced this correction in my project because a large number of my users reported crashes at this place, since the fix, I no longer have any problems.

(*) When sourceLen is maxed to 248, it sounds good for the 64 bits version, but in the 32 bits version, if sourceLen > 252, the 4 last characters will be ignored and not processed.

#3 Source Code repository » Github pull requests » 2022-04-08 14:36:47

smetz84
Replies: 4

Hi guys,

I posted a pull request on the SynPDF GitHub project (https://github.com/synopse/SynPDF/pull/56) last year.
Is there a chance that this request will be reviewed one day?

Thanks

Board footer

Powered by FluxBB