[poppler] poppler/XRef.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Sun Nov 29 18:47:58 UTC 2020
poppler/XRef.cc | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
New commits:
commit 751deb8ae3df1bc316fa17c83ca573233586b41f
Author: Albert Astals Cid <aacid at kde.org>
Date: Sun Nov 29 00:01:48 2020 +0100
XRef::removeIndirectObject: Fix overflow of gen
Also make the check in XRef::addIndirectObject that looks for a free and
usable entry a bit more robust (!= to <) than 65535
oss-fuzz/28032
diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index b92c925b..30a1d1b1 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -1349,7 +1349,7 @@ Ref XRef::addIndirectObject(const Object *o)
int entryIndexToUse = -1;
for (int i = 1; entryIndexToUse == -1 && i < size; ++i) {
XRefEntry *e = getEntry(i, false /* complainIfMissing */);
- if (e->type == xrefEntryFree && e->gen != 65535) {
+ if (e->type == xrefEntryFree && e->gen < 65535) {
entryIndexToUse = i;
}
}
@@ -1389,7 +1389,9 @@ void XRef::removeIndirectObject(Ref r)
}
e->obj.~Object();
e->type = xrefEntryFree;
- e->gen++;
+ if (likely(e->gen < 65535)) {
+ e->gen++;
+ }
e->setFlag(XRefEntry::Updated, true);
setModified();
}
More information about the poppler
mailing list