[poppler] poppler/Function.cc

Wed Jun 6 15:57:58 UTC 2018

poppler/Function.cc |    4 ++++
 1 file changed, 4 insertions(+)

New commits:
commit 6b37df791731e40837fa1eba86ae740650431438
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Jun 6 17:56:27 2018 +0200

    SampledFunction: Fix divide by zero
    
    Actual valid values are 1, 2, 4, 8, 12, 16, 24, and 32 but this check is easier
    
    fixes oss-fuzz/8713

diff --git a/poppler/Function.cc b/poppler/Function.cc
index 39c09671..71992d95 100644
--- a/poppler/Function.cc
+++ b/poppler/Function.cc
@@ -295,6 +295,10 @@ SampledFunction::SampledFunction(Object *funcObj, Dict *dict) {
     return;
   }
   sampleBits = obj1.getInt();
+  if (unlikely(sampleBits < 1 || sampleBits > 32)) {
+    error(errSyntaxError, -1, "Function invalid BitsPerSample");
+    return;
+  }
   sampleMul = 1.0 / (pow(2.0, (double)sampleBits) - 1);
 
   //----- Encode
