You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 Re: Source Code repository » Github pull requests » 2022-04-11 11:19:56
Thank you for the fix.
According the 248 max value, I just analyzed the situation from an algorithmic point of view in the scope of the function, but if this is a known limitation documented as such, that's fine.
#2 Re: Source Code repository » Github pull requests » 2022-04-11 07:44:16
Hi Arnaud,
Thank you for taking the time to review my request.
I'm not sure we are talking about the same thing. You're talking about the destination array, and I agree, buffer overflow is safe since sourceLen is maxed to 248 (although this is not 32-bit correct, but I will talk about it later (*)).
My pull request concern a buffer overrun on the source array in the case that sourceLen is a multiple a of 8 (64 bits) or 4 (32 bits). Let me give an example to illustrate it:
In 64 bits: if source sourceLen = 16, then sourceLen shr 3 = 2. So we'll iterate 3 times in the for loop (0 to 2), while we should iterate only 2 times (2 packets of 8 bytes), the 3rd iteration leads to a buffer overrun.
In 32 bits: if source sourceLen = 16, then sourceLen shr 2 = 4. So we'll iterate 5 times in the for loop (0 to 4), while we should iterate only 4 times (4 packets of 4 bytes), the 5th iteration leads to a buffer overrun.
I introduced this correction in my project because a large number of my users reported crashes at this place, since the fix, I no longer have any problems.
(*) When sourceLen is maxed to 248, it sounds good for the 64 bits version, but in the 32 bits version, if sourceLen > 252, the 4 last characters will be ignored and not processed.
#3 Source Code repository » Github pull requests » 2022-04-08 14:36:47
- smetz84
- Replies: 4
Hi guys,
I posted a pull request on the SynPDF GitHub project (https://github.com/synopse/SynPDF/pull/56) last year.
Is there a chance that this request will be reviewed one day?
Thanks
Pages: 1