Add input validation checks for raw encoding

terryburton · terryburton · commit 9727f417f970 · 2026-03-03T00:21:55.000Z
diff --git a/src/code128.ps.src b/src/code128.ps.src
@@ -287,12 +287,22 @@ begin
         /cws barcode length array def
         /i 0 def /j 0 def
         { % loop
-            i barcode length eq {exit} if
-            /cw barcode i 1 add 3 getinterval cvi def
+            i barcode length 3 sub ge {exit} if
+            barcode i get 94 ne {exit} if
+            barcode i 1 add 3 getinterval false 1 index {
+                dup 48 lt exch 57 gt or { pop true } if
+            } forall { pop exit } if
+            cvi /cw exch def
+            cw 106 gt {
+                /bwipp.code128BadRawCodeword (Raw codewords must be 0 to 106) //raiseerror exec
+            } if
             cws j cw put
             /i i 4 add def
             /j j 1 add def
         } loop
+        i barcode length ne {
+            /bwipp.code128BadRawFormat (Raw codewords must be formatted as ^NNN) //raiseerror exec
+        } if
         /cws cws 0 j getinterval def
         /text () def
     } {
diff --git a/src/code16k.ps.src b/src/code16k.ps.src
@@ -258,6 +258,7 @@ begin
 
     raw {
 
+        /mode 0 def
         /cws barcode length array def
         /i 0 def /j 0 def
         { % loop
@@ -267,12 +268,15 @@ begin
                 dup 48 lt exch 57 gt or { pop true } if
             } forall { pop exit } if
             cvi /cw exch def
+            cw 106 gt {
+                /bwipp.code16kBadRawCodeword (Raw codewords must be 0 to 106) //raiseerror exec
+            } if
             cws j cw put
             /i i 4 add def
             /j j 1 add def
         } loop
         i barcode length ne {
-            /bwipp.code16kBadRawFormat (raw data must be formatted as ^NNN) //raiseerror exec
+            /bwipp.code16kBadRawFormat (Raw codewords must be formatted as ^NNN) //raiseerror exec
         } if
         /cws cws 0 j getinterval def
 
diff --git a/src/datamatrix.ps.src b/src/datamatrix.ps.src
@@ -479,12 +479,22 @@ begin
         /cws barcode length array def
         /i 0 def /j 0 def
         { % loop
-            i barcode length eq {exit} if
-            /cw barcode i 1 add 3 getinterval cvi def
+            i barcode length 3 sub ge {exit} if
+            barcode i get 94 ne {exit} if
+            barcode i 1 add 3 getinterval false 1 index {
+                dup 48 lt exch 57 gt or { pop true } if
+            } forall { pop exit } if
+            cvi /cw exch def
+            cw 255 gt {
+                /bwipp.datamatrixBadRawCodeword (Raw codewords must be 0 to 255) //raiseerror exec
+            } if
             cws j cw put
             /i i 4 add def
             /j j 1 add def
         } loop
+        i barcode length ne {
+            /bwipp.datamatrixBadRawFormat (Raw codewords must be formatted as ^NNN) //raiseerror exec
+        } if
         /cws cws 0 j getinterval def
 
     } {
diff --git a/src/micropdf417.ps.src b/src/micropdf417.ps.src
@@ -672,12 +672,15 @@ begin
                 dup 48 lt exch 57 gt or { pop true } if
             } forall { pop exit } if
             cvi /cw exch def
+            cw 928 gt {
+                /bwipp.micropdf417badRawCodeword (Raw codewords must be 0 to 928) //raiseerror exec
+            } if
             datcws j cw put
             /i i 4 add def
             /j j 1 add def
         } loop
         i barcode length ne {
-            /bwipp.micropdf417badCcaRawFormat (cca and raw data must be formatted as ^NNN) //raiseerror exec
+            /bwipp.micropdf417badCcaRawFormat (Raw codewords must be formatted as ^NNN) //raiseerror exec
         } if
         /datcws datcws 0 j getinterval def
     } if
diff --git a/src/pdf417.ps.src b/src/pdf417.ps.src
@@ -586,12 +586,15 @@ begin
                 dup 48 lt exch 57 gt or { pop true } if
             } forall { pop exit } if
             cvi /cw exch def
+            cw 928 gt {
+                /bwipp.pdf417badRawCodeword (Raw codewords must be 0 to 928) //raiseerror exec
+            } if
             datcws j cw put
             /i i 4 add def
             /j j 1 add def
         } loop
         i barcode length ne {
-            /bwipp.pdf417badRawFormat (raw data must be formatted as ^NNN) //raiseerror exec
+            /bwipp.pdf417badRawFormat (Raw codewords must be formatted as ^NNN) //raiseerror exec
         } if
         /datcws datcws 0 j getinterval def
     } if
diff --git a/src/posicode.ps.src b/src/posicode.ps.src
@@ -274,12 +274,22 @@ begin
         /cws barcode length array def
         /i 0 def /j 0 def
         { % loop
-            i barcode length eq {exit} if
-            /cw barcode i 1 add 3 getinterval cvi def
+            i barcode length 3 sub ge {exit} if
+            barcode i get 94 ne {exit} if
+            barcode i 1 add 3 getinterval false 1 index {
+                dup 48 lt exch 57 gt or { pop true } if
+            } forall { pop exit } if
+            cvi /cw exch def
+            cw 45 gt {
+                /bwipp.posicodeBadRawCodeword (Raw codewords must be 0 to 45) //raiseerror exec
+            } if
             cws j cw put
             /i i 4 add def
             /j j 1 add def
         } loop
+        i barcode length ne {
+            /bwipp.posicodeBadRawFormat (Raw codewords must be formatted as ^NNN) //raiseerror exec
+        } if
         /cws cws 0 j getinterval def
         /text () def
     } if
diff --git a/src/ultracode.ps.src b/src/ultracode.ps.src
@@ -275,12 +275,22 @@ begin
         /dcws barcode length array def
         /i 0 def /j 0 def
         { % loop
-            i barcode length eq {exit} if
-            /cw barcode i 1 add 3 getinterval cvi def
+            i barcode length 3 sub ge {exit} if
+            barcode i get 94 ne {exit} if
+            barcode i 1 add 3 getinterval false 1 index {
+                dup 48 lt exch 57 gt or { pop true } if
+            } forall { pop exit } if
+            cvi /cw exch def
+            cw 284 gt {
+                /bwipp.ultracodeBadRawCodeword (Raw codewords must be 0 to 284) //raiseerror exec
+            } if
             dcws j cw put
             /i i 4 add def
             /j j 1 add def
         } loop
+        i barcode length ne {
+            /bwipp.ultracodeBadRawFormat (Raw codewords must be formatted as ^NNN) //raiseerror exec
+        } if
         /dcws dcws 0 j getinterval def
 
         (input.encoding.raw) //ultracode.after exec
diff --git a/tests/ps_tests/code128.ps.test b/tests/ps_tests/code128.ps.test
@@ -78,3 +78,14 @@
 
 { 501 string (dontdraw) code128 } /bwipp.code128inputTooLong isError
 
+% Invalid raw format
+{ (^12A) (raw dontdraw) code128 } /bwipp.code128BadRawFormat isError
+{ (^12) (raw dontdraw) code128 } /bwipp.code128BadRawFormat isError
+{ (^1) (raw dontdraw) code128 } /bwipp.code128BadRawFormat isError
+{ (^) (raw dontdraw) code128 } /bwipp.code128BadRawFormat isError
+{ (^105garbage) (raw dontdraw) code128 } /bwipp.code128BadRawFormat isError
+
+% Raw codeword out of range (valid: 0-106)
+{ (^107) (raw dontdraw) code128 } /bwipp.code128BadRawCodeword isError
+{ (^999) (raw dontdraw) code128 } /bwipp.code128BadRawCodeword isError
+
diff --git a/tests/ps_tests/code16k.ps.test b/tests/ps_tests/code16k.ps.test
@@ -98,5 +98,13 @@
 
 % Invalid raw format
 (TEST) (raw dontdraw) /bwipp.code16kBadRawFormat er_tmpl
+(^12A) (raw dontdraw) /bwipp.code16kBadRawFormat er_tmpl
+(^12) (raw dontdraw) /bwipp.code16kBadRawFormat er_tmpl
+(^1) (raw dontdraw) /bwipp.code16kBadRawFormat er_tmpl
+(^) (raw dontdraw) /bwipp.code16kBadRawFormat er_tmpl
+
+% Raw codeword out of range (valid: 0-106)
+(^107) (raw dontdraw) /bwipp.code16kBadRawCodeword er_tmpl
+(^999) (raw dontdraw) /bwipp.code16kBadRawCodeword er_tmpl
 
 501 string (dontdraw) /bwipp.code16kinputTooLong er_tmpl
diff --git a/tests/ps_tests/datamatrix.ps.test b/tests/ps_tests/datamatrix.ps.test
@@ -130,5 +130,16 @@
 (TEST) (version=10xABC dontdraw) /bwipp.datamatrixVersionBadRowOrColumn er_tmpl
 (TEST) (version=ABCx10 dontdraw) /bwipp.datamatrixVersionBadRowOrColumn er_tmpl
 
+% Invalid raw format
+(^12A) (raw dontdraw) /bwipp.datamatrixBadRawFormat er_tmpl
+(^12) (raw dontdraw) /bwipp.datamatrixBadRawFormat er_tmpl
+(^1) (raw dontdraw) /bwipp.datamatrixBadRawFormat er_tmpl
+(^) (raw dontdraw) /bwipp.datamatrixBadRawFormat er_tmpl
+(^230garbage) (raw dontdraw) /bwipp.datamatrixBadRawFormat er_tmpl
+
+% Raw codeword out of range (valid: 0-255)
+(^256) (raw dontdraw) /bwipp.datamatrixBadRawCodeword er_tmpl
+(^999) (raw dontdraw) /bwipp.datamatrixBadRawCodeword er_tmpl
+
 % Data too long for symbol
 (ABCDEFGHIJKLMNOPQRSTUVWXYZ) (version=10x10 dontdraw) /bwipp.datamatrixNoValidSymbol er_tmpl
diff --git a/tests/ps_tests/micropdf417.ps.test b/tests/ps_tests/micropdf417.ps.test
@@ -292,6 +292,14 @@
 
 % Invalid cca/raw format
 (TEST) (raw dontdraw) /bwipp.micropdf417badCcaRawFormat er_tmpl
+(^12A) (raw dontdraw) /bwipp.micropdf417badCcaRawFormat er_tmpl
+(^12) (raw dontdraw) /bwipp.micropdf417badCcaRawFormat er_tmpl
+(^1) (raw dontdraw) /bwipp.micropdf417badCcaRawFormat er_tmpl
+(^) (raw dontdraw) /bwipp.micropdf417badCcaRawFormat er_tmpl
+
+% Raw codeword out of range (valid: 0-928)
+(^929) (raw dontdraw) /bwipp.micropdf417badRawCodeword er_tmpl
+(^999) (raw dontdraw) /bwipp.micropdf417badRawCodeword er_tmpl
 
 % Data too long
 { 400 string 0 1 399 { 1 index exch 65 put } for (dontdraw) micropdf417 } /bwipp.micropdf417noValidSymbol isError
diff --git a/tests/ps_tests/pdf417.ps.test b/tests/ps_tests/pdf417.ps.test
@@ -176,6 +176,14 @@
 
 % Invalid raw format
 (TEST) (raw parse dontdraw) /bwipp.pdf417badRawFormat er_tmpl
+(^12A) (raw dontdraw) /bwipp.pdf417badRawFormat er_tmpl
+(^12) (raw dontdraw) /bwipp.pdf417badRawFormat er_tmpl
+(^1) (raw dontdraw) /bwipp.pdf417badRawFormat er_tmpl
+(^) (raw dontdraw) /bwipp.pdf417badRawFormat er_tmpl
+
+% Raw codeword out of range (valid: 0-928)
+(^929) (raw dontdraw) /bwipp.pdf417badRawCodeword er_tmpl
+(^999) (raw dontdraw) /bwipp.pdf417badRawCodeword er_tmpl
 
 % Invalid ECI (valid: 000000-811799)
 (^ECI900000) (parsefnc dontdraw) /bwipp.pdf417badECI er_tmpl
diff --git a/tests/ps_tests/posicode.ps.test b/tests/ps_tests/posicode.ps.test
@@ -22,6 +22,16 @@
 
 { 501 string (dontdraw) posicode } /bwipp.posicodeinputTooLong isError
 
+% Invalid raw format
+{ (^12A) (raw dontdraw) posicode } /bwipp.posicodeBadRawFormat isError
+{ (^12) (raw dontdraw) posicode } /bwipp.posicodeBadRawFormat isError
+{ (^1) (raw dontdraw) posicode } /bwipp.posicodeBadRawFormat isError
+{ (^) (raw dontdraw) posicode } /bwipp.posicodeBadRawFormat isError
+{ (^020garbage) (raw dontdraw) posicode } /bwipp.posicodeBadRawFormat isError
+
+% Raw codeword out of range (valid: 0-45)
+{ (^046) (raw dontdraw) posicode } /bwipp.posicodeBadRawCodeword isError
+{ (^999) (raw dontdraw) posicode } /bwipp.posicodeBadRawCodeword isError
 
 % Examples
 
diff --git a/tests/ps_tests/ultracode.ps.test b/tests/ps_tests/ultracode.ps.test
@@ -152,5 +152,16 @@
 (TEST) (eclevel=EC6 dontdraw) /bwipp.ultracodeInvalidErrorCorrectionLevel er_tmpl
 (TEST) (rev=2 eclevel=EC0 dontdraw) /bwipp.ultracodeInvalidErrorCorrectionLevel er_tmpl
 
+% Invalid raw format
+(^12A) (raw dontdraw) /bwipp.ultracodeBadRawFormat er_tmpl
+(^12) (raw dontdraw) /bwipp.ultracodeBadRawFormat er_tmpl
+(^1) (raw dontdraw) /bwipp.ultracodeBadRawFormat er_tmpl
+(^) (raw dontdraw) /bwipp.ultracodeBadRawFormat er_tmpl
+(^282garbage) (raw dontdraw) /bwipp.ultracodeBadRawFormat er_tmpl
+
+% Raw codeword out of range (valid: 0-284)
+(^285) (raw dontdraw) /bwipp.ultracodeBadRawCodeword er_tmpl
+(^999) (raw dontdraw) /bwipp.ultracodeBadRawCodeword er_tmpl
+
 % Data too long for symbol
 { 300 string 0 1 299 { 1 index exch 65 put } for (dontdraw) ultracode } /bwipp.ultracodeNoValidSymbol isError
