[poppler] poppler/XRef.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Wed Nov 22 20:52:41 UTC 2017
poppler/XRef.cc | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
New commits:
commit 42d8d7ffd8b5393dc3103a45932b70bc8ca61c2e
Author: Albert Astals Cid <aacid at kde.org>
Date: Wed Nov 22 21:50:24 2017 +0100
Open files that state 8 bits as third field of W
Even we only really accept 32 bits since it is really strange to have
more than 2^31 generations
Bug #103469
diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index e37d5494..f04a31fc 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -734,7 +734,7 @@ GBool XRef::readXRefStream(Stream *xrefStr, Goffset *pos) {
return gFalse;
}
}
- if (w[0] > (int)sizeof(int) || w[1] > (int)sizeof(long long) || w[2] > (int)sizeof(int)) {
+ if (w[0] > (int)sizeof(int) || w[1] > (int)sizeof(long long) || w[2] > (int)sizeof(long long)) {
return gFalse;
}
@@ -782,8 +782,8 @@ GBool XRef::readXRefStream(Stream *xrefStr, Goffset *pos) {
}
GBool XRef::readXRefStreamSection(Stream *xrefStr, int *w, int first, int n) {
- unsigned long long offset;
- int type, gen, c, i, j;
+ unsigned long long offset, gen;
+ int type, c, i, j;
if (first + n < 0) {
return gFalse;
@@ -825,6 +825,10 @@ GBool XRef::readXRefStreamSection(Stream *xrefStr, int *w, int first, int n) {
}
gen = (gen << 8) + c;
}
+ if (gen > INT_MAX) {
+ error(errSyntaxError, -1, "Gen inside xref table too large (bigger than INT_MAX)");
+ return gFalse;
+ }
if (entries[i].offset == -1) {
switch (type) {
case 0:
More information about the poppler
mailing list