[poppler] poppler/XRef.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Mon Jul 13 20:24:55 UTC 2020


 poppler/XRef.cc |    6 ++++++
 1 file changed, 6 insertions(+)

New commits:
commit ec8a43c8df29fdd6f1228276160898ccd9401c92
Author: Albert Astals Cid <aacid at kde.org>
Date:   Sat Jul 4 00:08:55 2020 +0200

    Fix stack overflow with specially crafted files
    
    The file is not malformed per se, it just has a huge XRefStm chain
    and we end up exhausting the stack space trying to parse them all.
    
    Having more than 4096 XRefStm seems like it won't really happen in real
    life, so break the flow at that point
    
    Fixes #936

diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index c37f71cb..1b5b999a 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -633,6 +633,12 @@ bool XRef::readXRefTable(Parser *parser, Goffset *pos, std::vector<Goffset> *fol
                 ok = false;
             }
         }
+        // Arbitrary limit because otherwise we exhaust the stack
+        // calling readXRef + readXRefTable
+        if (followedXRefStm->size() > 4096) {
+            error(errSyntaxError, -1, "File has more than 4096 XRefStm, aborting");
+            ok = false;
+        }
         if (ok) {
             followedXRefStm->push_back(pos2);
             readXRef(&pos2, followedXRefStm, xrefStreamObjsNum);
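
Review bot: The bound in the new `if (followedXRefStm->size() > 4096)` check is a magic number that is repeated by hand in the error string. A named constant carrying the "arbitrary limit" comment would keep the two in sync and make the bound easy to adjust, since the recursion depth that is actually safe depends on the stack size of the calling thread. The check also runs when `ok` is already false from the preceding block, so the size test and its error message fire even for an entry that was going to be skipped anyway; `if (ok && followedXRefStm->size() > 4096)` would avoid the redundant message. Because the commit message says the file is not malformed, it is worth confirming that reusing `ok = false` here only stops following further XRefStm entries and does not discard the entries already read. A regression test with a long XRefStm chain would fit alongside this fix.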

