do not allow data URIs for --header-html or --footer-html

fixes #2280 as the buffer overflow is no longer triggered, now
an error message is generated instead.

CHANGELOG.md

@@ -3,6 +3,7 @@ v0.12.3 (unreleased)
 * removed support for CentOS 5 builds
 * update OpenSSL to 1.0.1m
 * **#2104**: renamed COPYING to LICENSE
+* **#2280**: do not allow data URIs for --header-html or --footer-html
 
 v0.12.2.1 (2015-01-19)
 ----------------------

src/lib/pdfconverter.cc

@@ -72,7 +72,7 @@ struct DLL_LOCAL StreamDumper {
 
 bool DLL_LOCAL looksLikeHtmlAndNotAUrl(QString str) {
 	QString s = str.split("?")[0];
-	return s.count('<') > 0 || s.count('<') > 0;
+	return s.count('<') > 0 || str.startsWith("data:", Qt::CaseInsensitive);
 }
 
 PdfConverterPrivate::PdfConverterPrivate(PdfGlobal & s, PdfConverter & o) :