[poppler] poppler/JBIG2Stream.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Sat Jan 26 17:26:15 UTC 2019
poppler/JBIG2Stream.cc | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
New commits:
commit ef64a69b84ad066559a0f25d5c5af96af38b9dd1
Author: Vincent Le Garrec <legarrec.vincent at gmail.com>
Date: Sat Jan 26 09:53:38 2019 +0100
ofz-8798: Undefined-shift in JBIG2MMRDecoder::get2DCode
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8798
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 2c12f7b6..a5329aeb 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -24,6 +24,7 @@
// Copyright (C) 2013, 2014 Fabio D'Urso <fabiodurso at hotmail.it>
// Copyright (C) 2015 Suzuki Toshiya <mpsuzuki at hiroshima-u.ac.jp>
// Copyright (C) 2018 Adam Reichold <adam.reichold at t-online.de>
+// Copyright (C) 2019 LE GARREC Vincent <legarrec.vincent at gmail.com>
//
// To see a description of the changes please see the Changelog file that
// came with your tarball or type make ChangeLog if you are building from git
@@ -493,7 +494,7 @@ void JBIG2MMRDecoder::reset() {
}
int JBIG2MMRDecoder::get2DCode() {
- const CCITTCode *p;
+ const CCITTCode *p = nullptr;
if (bufLen == 0) {
buf = str->getChar() & 0xff;
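Review bot: End-of-stream is not checked where the buffer is refilled: `str->getChar() & 0xff` turns an EOF return into the data byte 0xff, so a truncated MMR segment would be decoded as a run of 1-bits rather than rejected (this assumes getChar() signals end of data with EOF, which is not shown on this page). The same pattern is on the refill line inside the `bufLen < 8` branch of the next hunk. Reading into a temporary first, `const int c = str->getChar();` followed by `if (c == EOF) { return EOF; }` before masking, would stop decoding at the end of input; confirm first that no caller depends on the implicit padding. The body of get2DCode continues outside this hunk.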
@@ -502,7 +503,7 @@ int JBIG2MMRDecoder::get2DCode() {
p = &twoDimTab1[(buf >> 1) & 0x7f];
} else if (bufLen == 8) {
p = &twoDimTab1[(buf >> 1) & 0x7f];
- } else {
+ } else if (bufLen < 8) {
p = &twoDimTab1[(buf << (7 - bufLen)) & 0x7f];
if (p->bits < 0 || p->bits > (int)bufLen) {
buf = (buf << 8) | (str->getChar() & 0xff);
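Review bot: The `bufLen > 8` case is now rejected only by falling through every branch with `p` still null, which is easy to miss when reading the if/else chain. A comment above `} else if (bufLen < 8) {` would record the intent, for example `// bufLen > 8 is unexpected here: 7 - bufLen would be an invalid shift count, so leave p null and report a syntax error below`. That path also reuses the "Bad two dim code" message, so an inconsistent buffer state and a genuinely bad code look the same in logs. The code that leaves more than 8 bits buffered is not part of this diff and seems worth tracking down separately. The branch body continues in the next hunk.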
@@ -511,7 +512,7 @@ int JBIG2MMRDecoder::get2DCode() {
p = &twoDimTab1[(buf >> (bufLen - 7)) & 0x7f];
}
}
- if (p->bits < 0) {
+ if (p == nullptr || p->bits < 0) {
error(errSyntaxError, str->getPos(), "Bad two dim code in JBIG2 MMR stream");
return EOF;
}