search

michaelrsweet / pdfio

PDFio is a simple C library for reading and writing PDF files.
https://www.msweet.org/pdfio
Apache License 2.0
198 stars 44 forks source link

Added missing initialization for ivlen when pdf encryption is PDFIO_E… #51

Closed k00l-beanz closed 1 year ago

k00l-beanz commented 1 year ago

Hey my dudes, great project. Keep up the good work.

I currently have a crash when supplying the following pdf to pdfiototext - bad.pdf

$ sha256sum bad.pdf
130134c62521d1a29813fa8c2090441c31c7107dee59f96aefc0fc75a2e5d6b2  bad.pdf
$ ./pdfiototext bad.pdf
Segmentation fault

Performing some light root-cause analysis shows a missing initialization of the ivlen variable in pdfio-crypto.c.

If pdf->encryption is PDFIO_ENCRYPTION_RC4_40, then the ivlen variable will not be initialized and later used in _pdfioCryptoRC4Crypt leading to undefined behavior.

Cheers! :beer:

michaelrsweet commented 1 year ago

[master 4804db3] Fix missing ivlen initializer for 40-bit RC4 (Issue #51)