pdf-rs/pdf

thread 'main' panicked at 'range end index 16 out of range for slice of length 8', crypt.rs:211:43

tokatoka opened this issue · 0 comments

toka@toka:~/repro$ ./target/release/repro crash-c1e.pdf 
thread 'main' panicked at 'range end index 16 out of range for slice of length 8', /home/toka/.cargo/git/checkouts/pdf-3ef1c528a9b91eec/a6e2abc/pdf/src/crypt.rs:211:43
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Code to reproduce

fn harness(file: &String) {
    if let Ok(file) = pdf::file::FileOptions::cached().open(file) {
        for idx in 0..file.num_pages() {
            let _ = file.get_page(idx);
        }
    }
}

fn main() {
    let args: Vec<String> = std::env::args().collect();

    let _ = harness(&args[1]);
}

and this is the crashing input
crash-c1e.pdf

compute_u_rev_3_4(id, key) == document_u[..16]

Here document was only 8-bytes long but it tried indexing 16