[poppler] poppler/Stream.cc

Albert Astals Cid aacid at kemper.freedesktop.org
Wed Jun 21 16:44:36 UTC 2017


 poppler/Stream.cc |    7 +++++++
 1 file changed, 7 insertions(+)

New commits:
commit 733c8faf3034f94b632c65dd091911bc642dcae4
Author: Jose Aliste <jaliste at src.gnome.org>
Date:   Tue May 16 18:44:49 2017 -0400

    Check numComps is between reasonable bounds
    
    Before this patch, some PDFs might cause a crash because of an overflow
    if numComps does not lie between 0 and 4.
    This is a security fix for CVE-2017-0319.

diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index d93c560e..e3d5cf6a 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -32,6 +32,7 @@
 // Copyright (C) 2013 Pino Toscano <pino at kde.org>
 // Copyright (C) 2015 Suzuki Toshiya <mpsuzuki at hiroshima-u.ac.jp>
 // Copyright (C) 2015 Jason Crain <jason at aquaticape.us>
+// Copyright (C) 2017 Jose Aliste <jaliste at src.gnome.org>
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git
@@ -3585,6 +3586,12 @@ GBool DCTStream::readProgressiveSOF() {
   height = read16();
   width = read16();
   numComps = str->getChar();
+
+  if (numComps <= 0 || numComps > 4) {
+    error(errSyntaxError, getPos(), "Bad number of components in DCT stream");
+    numComps = 0;
+    return gFalse;
+  }
   if (prec != 8) {
     error(errSyntaxError, getPos(), "Bad DCT precision {0:d}", prec);
     return gFalse;
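Review bot: The new bounds check in readProgressiveSOF hard-codes the limit `4` and resets `numComps` without saying why, although both are the security-relevant part of this fix. I would add a comment such as `// numComps indexes fixed-size per-component tables; zero it on error so later code cannot walk past them`, after confirming that the table size, which is not visible in this hunk, really is 4. The error message also omits the offending value, unlike the precision message just below it; `error(errSyntaxError, getPos(), "Bad number of components in DCT stream: {0:d}", numComps);` placed before the reset would make malformed files easier to triage. `height` and `width` from `read16()` are not validated in the visible lines, so an end-of-stream or zero value there presumably still flows onward. The function body starts before and continues past this hunk, and any other SOF parser that reads the same field should be checked for the same bound.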

