From 7e2fd58613a92dfd94550e35cfede9fa5b714e7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Simon=20B=C3=BCnzli?=
Date: Wed, 8 Jan 2014 16:23:12 +0100
Subject: sanitize crypt revision in pdf_new_crypt This correctly enables the sanitization of the key length needed for 90db34f64037e2a8a5c3b6a518ba4153_asan_heap-oob_9b117e_1197_1802.pdf
---
 source/pdf/pdf-crypt.c | 6 ++++++
 1 file changed, 6 insertions(+) (limited to 'source')
diff --git a/source/pdf/pdf-crypt.c b/source/pdf/pdf-crypt.c
index e40fad95..daeead1a 100644
--- a/source/pdf/pdf-crypt.c
+++ b/source/pdf/pdf-crypt.c
@@ -97,6 +97,12 @@ pdf_new_crypt(fz_context *ctx, pdf_obj *dict, pdf_obj *id)
 pdf_free_crypt(ctx, crypt);
 fz_throw(ctx, FZ_ERROR_GENERIC, "encryption dictionary missing version and revision value");
 }
+ if (crypt->r < 1 || crypt->r > 6)
+ {
+ int r = crypt->r;
+ pdf_free_crypt(ctx, crypt);
+ fz_throw(ctx, FZ_ERROR_GENERIC, "unknown crypt revision %d", r);
+ }
 obj = pdf_dict_gets(dict, "O");
 if (pdf_is_string(obj) && pdf_to_str_len(obj) == 32)
-- cgit v1.2.3
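Review bot: The new range check on `crypt->r` uses the bare literals 1 and 6 and carries no comment saying why an out-of-range revision must be rejected at this point. The value is read from the document's encryption dictionary, so it is untrusted input, and the commit message ties the check to key-length sanitization for a heap out-of-bounds test file. I would add a comment above the `if`, such as `/* R is read from the untrusted encryption dictionary; reject revisions outside 1..6 before any key-length handling */`. Copying `crypt->r` into the local `r` before `pdf_free_crypt` is the right order, since the message is formatted after the structure is freed. The hunk does not show whether V and R are also checked for consistency with each other, which is worth confirming in the rest of pdf_new_crypt; its body starts and ends outside this hunk.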