rpms / poppler

Clone
Source Code
GIT

Blame SOURCES/poppler-0.66.0-negative-object-number.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8 c8-beta c8-containeronly-stream-flatpak c8s c9 c9-beta c9-containeronly-stream-flatpak
  1.   396e5c56d4cc6aba05c51be0281ceeaab17e670c
  2.   SOURCES
  3.   poppler-0.66.0-negative-object-number.patch
Blob History Raw
396e5c 
From 004e3c10df0abda214f0c293f9e269fdd979c5ee Mon Sep 17 00:00:00 2001
396e5c 
From: Albert Astals Cid <aacid@kde.org>
396e5c 
Date: Wed, 18 Jul 2018 20:31:27 +0200
396e5c 
Subject: Fix crash when Object has negative number
396e5c
396e5c 
Spec says object number has to be > 0 and gen has to be >= 0
396e5c
396e5c 
Reported by email
396e5c
396e5c 
diff --git a/poppler/Parser.cc b/poppler/Parser.cc
396e5c 
index 39c9a967..8b0093e3 100644
396e5c 
--- a/poppler/Parser.cc
396e5c 
+++ b/poppler/Parser.cc
396e5c 
@@ -154,6 +154,11 @@ Object Parser::getObj(GBool simpleOnly,
396e5c 
       const int gen = buf1.getInt();
396e5c 
       shift();
396e5c 
       shift();
396e5c 
+
396e5c 
+      if (unlikely(num <= 0 || gen < 0)) {
396e5c 
+          return Object();
396e5c 
+      }
396e5c 
+
396e5c 
       return Object(num, gen);
396e5c 
     } else {
396e5c 
       return Object(num);

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation