rpms / poppler

Clone
Source Code
GIT

Blame SOURCES/poppler-0.26.5-parser-integer-overflow.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-containeronly-stream-flatpak c8s c9 c9-beta c9-containeronly-stream-flatpak
  1.   eb36cbb99107e25895c84f5b79f92ac49be98de2
  2.   SOURCES
  3.   poppler-0.26.5-parser-integer-overflow.patch
Blob History Raw
eb36cb 
--- poppler-0.26.5/poppler/Parser.cc
eb36cb 
+++ poppler-0.26.5/poppler/Parser.cc
eb36cb 
@@ -19,6 +19,7 @@
eb36cb 
 // Copyright (C) 2012 Hib Eris <hib@hiberis.nl>
eb36cb 
 // Copyright (C) 2013 Adrian Johnson <ajohnson@redneon.com>
eb36cb 
 // Copyright (C) 2013 Thomas Freitag <Thomas.Freitag@alfa.de>
eb36cb 
+// Copyright (C) 2018 Albert Astals Cid <aacid@kde.org>
eb36cb 
 //
eb36cb 
 // To see a description of the changes please see the Changelog file that
eb36cb 
 // came with your tarball or type make ChangeLog if you are building from git
eb36cb 
@@ -257,6 +258,12 @@ Stream *Parser::makeStream(Object *dict,
eb36cb 
       pos = pos - 1;
eb36cb 
       lexer->lookCharLastValueCached = Lexer::LOOK_VALUE_NOT_CACHED;
eb36cb 
   }
eb36cb 
+  if (unlikely(length < 0)) {
eb36cb 
+      return NULL;
eb36cb 
+  }
eb36cb 
+  if (unlikely(pos > LONG_LONG_MAX - length)) {
eb36cb 
+      return NULL;
eb36cb 
+  }
eb36cb 
   lexer->setPos(pos + length);
eb36cb
eb36cb 
   // refill token buffers and check for 'endstream'

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation