From 39a251b1b3a3343400a08e2f03c5518a26624626 Mon Sep 17 00:00:00 2001
From: Adam Reichold <adam.reichold@t-online.de>
Date: Mon, 24 Dec 2018 15:40:38 +0100
Subject: [PATCH] Do not try to parse into unallocated XRef entry and return
 pointer to dummy entry instead. Closes #692 and oss-fuzz/12330
---
 poppler/XRef.cc | 27 +++++++++++++++++++++------
 1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/poppler/XRef.cc b/poppler/XRef.cc
3587f3
index 0ec66944..d042d1f4 100644
3587f3
--- a/poppler/XRef.cc
3587f3
+++ b/poppler/XRef.cc
3587f3
@@ -1548,11 +1548,31 @@ void XRef::readXRefUntil(int untilEntryNum, std::vector<int> *xrefStreamObjsNum)
3587f3
   }
3587f3
 }
3587f3
 
3587f3
+namespace {
3587f3
+
3587f3
+struct DummyXRefEntry : XRefEntry {
3587f3
+  DummyXRefEntry() {
3587f3
+    offset = 0;
3587f3
+    gen = -1;
3587f3
+    type = xrefEntryNone;
3587f3
+    flags = 0;
3587f3
+  }
3587f3
+};
3587f3
+
3587f3
+DummyXRefEntry dummyXRefEntry;
3587f3
+
3587f3
+}
3587f3
+
3587f3
 XRefEntry *XRef::getEntry(int i, GBool complainIfMissing)
3587f3
 {
3587f3
   if (i >= size || entries[i].type == xrefEntryNone) {
3587f3
 
3587f3
     if ((!xRefStream) && mainXRefEntriesOffset) {
3587f3
+      if (unlikely(i >= capacity)) {
3587f3
+	error(errInternal, -1, "Request for out-of-bounds XRef entry [{0:d}]", i);
3587f3
+	return &dummyXRefEntry;
3587f3
+      }
3587f3
+
3587f3
       if (!parseEntry(mainXRefEntriesOffset + 20*i, &entries[i])) {
3587f3
         error(errSyntaxError, -1, "Failed to parse XRef entry [{0:d}].", i);
3587f3
       }
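Review bot: The new `i >= capacity` guard covers only the upper bound, while the unchanged condition at the top of getEntry still evaluates `entries[i].type` for a negative `i`, because `i >= size` is false there and the array read goes ahead. Whether callers can pass a negative object number is not visible in this hunk, so treat it as something to confirm; if they can, an early `if (unlikely(i < 0)) return &dummyXRefEntry;` ahead of the first condition would close it. The `error(...)` and `return` lines added inside the new check are tab-indented where the surrounding code uses spaces. getEntry's body continues past the end of this hunk.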
3587f3
@@ -1563,12 +1583,7 @@ XRefEntry *XRef::getEntry(int i, bool complainIfMissing)
3587f3
       // We might have reconstructed the xref
3587f3
       // Check again i is in bounds
3587f3
       if (unlikely(i >= size)) {
3587f3
-        static XRefEntry dummy;
3587f3
-        dummy.offset = 0;
3587f3
-        dummy.gen = -1;
3587f3
-        dummy.type = xrefEntryNone;
3587f3
-        dummy.flags = 0;
3587f3
-        return &dummy;
3587f3
+	return &dummyXRefEntry;
3587f3
       }
3587f3
 
3587f3
       if (entries[i].type == xrefEntryNone) {
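Review bot: The file-scope `dummyXRefEntry` is initialised once and then handed out as a non-const `XRefEntry *`, whereas the removed function-local static had its four fields rewritten on every return; a caller that writes through the pointer now leaves that change visible to every later out-of-range lookup. If no caller writes to the result, a comment on the declaration would record that contract, for example `// Shared sentinel for out-of-range lookups; callers must not modify it.` Otherwise the fields need resetting before each return, as the old code did. The declaration sits in the first hunk of XRef.cc, and getEntry continues beyond this one.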
-- 
2.20.1