[poppler] poppler/JBIG2Stream.cc

[Albert Astals Cid]

 poppler/JBIG2Stream.cc |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

New commits:
commit ed0c9640abcbea459e3a276ee0b27631b01c32c4
Author: Albert Astals Cid <aacid at kde.org>
Date:   Sun Apr 8 12:24:20 2012 +0200

    Do not crash if mallocing too much memory
    
    Fixes crash in https://ritdml.rit.edu/bitstream/handle/1850/11220/TYehThesis1992.pdf?sequence=1
    even though the page is still unrendered

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 5a3e329..a65746e 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -15,7 +15,7 @@
 //
 // Copyright (C) 2006 Raj Kumar <rkumar at archive.org>
 // Copyright (C) 2006 Paul Walmsley <paul at booyaka.com>
-// Copyright (C) 2006-2010 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2006-2010, 2012 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2009 David Benjamin <davidben at mit.edu>
 // Copyright (C) 2011 Edward Jiang <ejiang at google.com>
 //
@@ -1634,8 +1634,13 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length,
   }
 
   // get the input symbol bitmaps
-  bitmaps = (JBIG2Bitmap **)gmallocn(numInputSyms + numNewSyms,
+  bitmaps = (JBIG2Bitmap **)gmallocn_checkoverflow(numInputSyms + numNewSyms,
 				     sizeof(JBIG2Bitmap *));
+  if (!bitmaps) {
+    error(errSyntaxError, curStr->getPos(), "Too many input symbols in JBIG2 symbol dictionary");
+    delete codeTables;
+    goto eofError;
+  }
   for (i = 0; i < numInputSyms + numNewSyms; ++i) {
     bitmaps[i] = NULL;
   }