[poppler] poppler/Stream.cc

Albert Astals Cid aacid at kemper.freedesktop.org
Sun Sep 6 13:34:06 PDT 2015


 poppler/Stream.cc |   10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

New commits:
commit 1e1a2d0600153c98d44f65e83a0555ab5288450b
Author: Jason Crain <jason at aquaticape.us>
Date:   Sun Sep 6 22:33:02 2015 +0200

    Fix JBIG2Decode infinite loop and stack overflow
    
    Creating a JBIG2Decode filter can create a stack overflow or infinite
    loop.  Fix stack overflow by adding 'recursion' argument to fetch
    call.  Fix infinite loop by removing the reference lookup loop.
    Chains of references aren't allowed by the spec anyway.
    
    Bug #91186

diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index d2dd761..9617678 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -31,6 +31,7 @@
 // Copyright (C) 2013 Adam Reichold <adamreichold at myopera.com>
 // Copyright (C) 2013 Pino Toscano <pino at kde.org>
 // Copyright (C) 2015 Suzuki Toshiya <mpsuzuki at hiroshima-u.ac.jp>
+// Copyright (C) 2015 Jason Crain <jason at aquaticape.us>
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git
@@ -340,13 +341,8 @@ Stream *Stream::makeFilter(char *name, Stream *str, Object *params, int recursio
   } else if (!strcmp(name, "JBIG2Decode")) {
     if (params->isDict()) {
       XRef *xref = params->getDict()->getXRef();
-      params->dictLookupNF("JBIG2Globals", &globals);
-      while (globals.isRef()) {
-        obj.free();
-        globals.copy(&obj);
-        globals.free();
-        obj.fetch(xref, &globals);
-      }
+      params->dictLookupNF("JBIG2Globals", &obj);
+      obj.fetch(xref, &globals, recursion);
     }
     str = new JBIG2Stream(str, &globals, &obj);
     globals.free();
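Review bot: With the loop removed, `obj` now receives whatever `dictLookupNF("JBIG2Globals", ...)` returns, including a direct (non-reference) object from an untrusted PDF. The old code only wrote `obj` when the entry was a reference, so the third argument to `new JBIG2Stream(str, &globals, &obj)` is no longer guaranteed to be a reference. Neither `obj.isRef()` nor `globals.isStream()` is checked in this branch, and whether the JBIG2Stream constructor validates them is not visible here. A short comment above the call would help, such as `// obj: unresolved JBIG2Globals entry (ref expected); globals: fetched once, chains are not followed`. Since `obj` can now hold a copied direct object, it should also be released with `obj.free();` next to `globals.free();`, unless that already happens below the hunk, where the rest of this branch of makeFilter continues.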

