[poppler] poppler/JPXStream.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Thu Dec 27 15:45:22 PST 2012
poppler/JPXStream.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit 7e0be7854adc49e4e00c0badb0dc470fbdf6d612
Author: Even Rouault <even.rouault at mines-paris.org>
Date: Fri Dec 28 00:44:29 2012 +0100
Avoid DoS due to huge number of JPX tiles in a stream
diff --git a/poppler/JPXStream.cc b/poppler/JPXStream.cc
index f1becc9..606c08e 100644
--- a/poppler/JPXStream.cc
+++ b/poppler/JPXStream.cc
@@ -15,6 +15,7 @@
//
// Copyright (C) 2008, 2012 Albert Astals Cid <aacid at kde.org>
// Copyright (C) 2012 Thomas Freitag <Thomas.Freitag at alfa.de>
+// Copyright (C) 2012 Even Rouault <even.rouault at mines-paris.org>
//
// To see a description of the changes please see the Changelog file that
// came with your tarball or type make ChangeLog if you are building from git
@@ -974,7 +975,7 @@ GBool JPXStream::readCodestream(Guint len) {
/ img.yTileSize;
// check for overflow before allocating memory
if (img.nXTiles <= 0 || img.nYTiles <= 0 ||
- img.nXTiles >= INT_MAX / img.nYTiles) {
+ img.nXTiles >= 65535 / img.nYTiles) {
error(errSyntaxError, getPos(),
"Bad tile count in JPX SIZ marker segment");
return gFalse;
More information about the poppler
mailing list