[Poppler-bugs] [Bug 91200] invalid input will cause out of bounds heap read in function Hints::getPageObjectNum
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sun Aug 23 15:13:43 PDT 2015
https://bugs.freedesktop.org/show_bug.cgi?id=91200
--- Comment #1 from Jason Crain <jason at aquaticape.us> ---
Created attachment 117884
--> https://bugs.freedesktop.org/attachment.cgi?id=117884&action=edit
Fix bounds check in Linearization::getPageFirst
This document has a linearization parameter dictionary in which the 'first
page' parameter, /P, is equal to the total number of pages /N and is therefore
out of bounds, and leads to Hints::getPageObjectNum having an out of bounds
read. The attached patch modified a bounds check to make sure pageFirst is
within the interval [0, getNumPages).
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/poppler-bugs/attachments/20150823/0ef4c64e/attachment.html>
More information about the Poppler-bugs
mailing list