[poppler] poppler/JBIG2Stream.cc

Thu Dec 17 18:44:08 UTC 2020

poppler/JBIG2Stream.cc |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

New commits:
commit c38694aed09336232757316321d2fa84c5f2bf57
Author: Albert Astals Cid <aacid at kde.org>
Date:   Thu Dec 17 19:36:05 2020 +0100

    Fix integer overflow on broken files
    
    oss-fuzz/28749

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index ae7d6306..1e19198a 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -591,7 +591,13 @@ JBIG2Bitmap::JBIG2Bitmap(unsigned int segNumA, int wA, int hA) : JBIG2Segment(se
 {
     w = wA;
     h = hA;
-    line = (wA + 7) >> 3;
+    int auxW;
+    if (unlikely(checkedAdd(wA, 7, &auxW))) {
+        error(errSyntaxError, -1, "invalid width");
+        data = nullptr;
+        return;
+    }
+    line = auxW >> 3;
 
     if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) {
         error(errSyntaxError, -1, "invalid width/height");
