[poppler] poppler/Hints.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Mon Jul 19 17:42:35 UTC 2021
poppler/Hints.cc | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
New commits:
commit c85a85423e3fe0c914d0a5b3f3e9e3ba3205fb79
Author: Hib Eris <hib at hiberis.nl>
Date: Fri Jul 16 15:25:52 2021 +0200
Validate input from page offset hints table
Fixes: https://gitlab.freedesktop.org/poppler/poppler/-/issues/343
diff --git a/poppler/Hints.cc b/poppler/Hints.cc
index 3a7a041b..c4f281ec 100644
--- a/poppler/Hints.cc
+++ b/poppler/Hints.cc
@@ -4,7 +4,7 @@
//
// This file is licensed under the GPLv2 or later
//
-// Copyright 2010, 2012 Hib Eris <hib at hiberis.nl>
+// Copyright 2010, 2012, 2013 Hib Eris <hib at hiberis.nl>
// Copyright 2010, 2011, 2013, 2014, 2016-2019 Albert Astals Cid <aacid at kde.org>
// Copyright 2010, 2013 Pino Toscano <pino at kde.org>
// Copyright 2013 Adrian Johnson <ajohnson at redneon.com>
@@ -283,6 +283,11 @@ bool Hints::readPageOffsetTable(Stream *str)
denominator = sbr.readBits(16);
+ if ((nBitsDiffPageLength > 32) || (nBitsOffsetStream > 32) || (nBitsLengthStream > 32) || (nBitsNumShared > 32) || (nBitsShared > 32) || (nBitsNumerator > 32)) {
+ error(errSyntaxWarning, -1, "Invalid number of bits reading page offset hints table");
+ return false;
+ }
+
for (int i = 0; i < nPages && !sbr.atEOF(); i++) {
nObjects[i] = nObjectLeast + sbr.readBits(nBitsDiffObjects);
}
More information about the poppler
mailing list