[poppler] poppler/Stream.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Wed Jun 21 16:44:36 UTC 2017
poppler/Stream.cc | 7 +++++++
1 file changed, 7 insertions(+)
New commits:
commit 733c8faf3034f94b632c65dd091911bc642dcae4
Author: Jose Aliste <jaliste at src.gnome.org>
Date: Tue May 16 18:44:49 2017 -0400
Check numComps is between reasonable bounds
Before this patch, some PDF might crash because of an overflow
if numComps does not lie between 0 and 4.
This is a security fix for CVE-2017-0319.
diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index d93c560e..e3d5cf6a 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -32,6 +32,7 @@
// Copyright (C) 2013 Pino Toscano <pino at kde.org>
// Copyright (C) 2015 Suzuki Toshiya <mpsuzuki at hiroshima-u.ac.jp>
// Copyright (C) 2015 Jason Crain <jason at aquaticape.us>
+// Copyright (C) 2017 Jose Aliste <jaliste at src.gnome.org>
//
// To see a description of the changes please see the Changelog file that
// came with your tarball or type make ChangeLog if you are building from git
@@ -3585,6 +3586,12 @@ GBool DCTStream::readProgressiveSOF() {
height = read16();
width = read16();
numComps = str->getChar();
+
+ if (numComps <= 0 || numComps > 4) {
+ error(errSyntaxError, getPos(), "Bad number of components in DCT stream");
+ numComps = 0;
+ return gFalse;
+ }
if (prec != 8) {
error(errSyntaxError, getPos(), "Bad DCT precision {0:d}", prec);
return gFalse;
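Review bot: the numComps bound is added only in DCTStream::readProgressiveSOF(), and the diffstat shows no other code change, so any other path in Stream.cc that reads numComps from the stream needs the same guard, or the check should move into a helper shared by those paths. Within the new block, the error message drops the rejected value, unlike the "Bad DCT precision {0:d}" message just below it; passing numComps to error() before it is reset to 0 would make malformed files easier to triage. The commit message says "between 0 and 4" while the condition `numComps <= 0 || numComps > 4` also rejects 0, so the two should be made to agree.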