[poppler] 2 commits - fofi/FoFiTrueType.cc poppler/XRef.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Jan 11 08:33:53 UTC 2021
fofi/FoFiTrueType.cc | 4 ++++
poppler/XRef.cc | 4 ++++
2 files changed, 8 insertions(+)
New commits:
commit 3252bc323c814eb010df011024f06597755b4b7d
Author: Albert Astals Cid <aacid at kde.org>
Date: Sun Jan 10 20:15:39 2021 +0100
Don't try to read xref at negative stream positions
oss-fuzz/29460
diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index 79cf25fc..77a6752f 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -468,6 +468,10 @@ bool XRef::readXRef(Goffset *pos, std::vector<Goffset> *followedXRefStm, std::ve
ok = false;
return false;
}
+ if (parsePos < 0) {
+ ok = false;
+ return false;
+ }
// start up a parser, parse one token
parser = new Parser(nullptr, str->makeSubStream(parsePos, false, 0, Object(objNull)), true);
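Review bot: The new `parsePos < 0` guard fails silently and carries no comment, so a later reader cannot tell that it exists because the position is presumably computed from an offset stored in the file (oss-fuzz/29460). I would add `// parsePos comes from file-supplied data; a negative value must never reach makeSubStream` above the check and, if the neighbouring failure paths report their cause, `error(errSyntaxError, -1, "Invalid XRef position");` inside the branch. The guard covers only the lower bound. Whether a position past the end of the stream is rejected by makeSubStream or by the Parser is not visible here and is worth confirming. readXRef starts and continues outside this hunk.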
commit fec79bfc7ed1573a8d92ac77bcb225dd032db296
Author: Albert Astals Cid <aacid at kde.org>
Date: Sun Jan 10 19:45:23 2021 +0100
FoFiTrueType::cvtSfnts: Fix uninitialized memory read on broken files
oss-fuzz/29386
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index a1396c55..3d4dd724 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -1301,6 +1301,10 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const
++k;
}
}
+ if (unlikely(k < nNewTables)) {
+ error(errSyntaxWarning, -1, "unexpected number of tables");
+ nNewTables = k;
+ }
// construct the table directory
tableDir[0] = 0x00; // sfnt version
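Review bot: The clamp `nNewTables = k` handles only the under-count case, and nothing says why the fill loop above can produce fewer entries than were counted. A comment such as `// on broken fonts the counting pass and the fill pass can disagree; keep only the entries actually filled` would record the reason for the uninitialized read this fixes. Two things are not visible from the hunk and should be checked: that `k` can never exceed `nNewTables` (that would be a write past the array in the loop above, not a read), and that the directory construction below copes with `nNewTables == 0` after the clamp. Putting both counts in the warning, e.g. `error(errSyntaxWarning, -1, "unexpected number of tables: {0:d} of {1:d}", k, nNewTables);`, would make fuzzer and field reports easier to triage. cvtSfnts starts and ends outside the hunk.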