From c114a90063d755639d2b0dbf816690a66b54bee0 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid
Date: Sun, 8 Feb 2015 00:24:11 +0100
Subject: Fix crash in fuzzed file from Bug #84988
diff --git a/poppler/TextOutputDev.cc b/poppler/TextOutputDev.cc
index c9db1e7..150d444 100644
--- a/poppler/TextOutputDev.cc
+++ b/poppler/TextOutputDev.cc
@@ -20,7 +20,7 @@
 // Copyright (C) 2006 Jeff Muizelaar
 // Copyright (C) 2007, 2008, 2012 Adrian Johnson
 // Copyright (C) 2008 Koji Otani
-// Copyright (C) 2008, 2010-2012, 2014 Albert Astals Cid
+// Copyright (C) 2008, 2010-2012, 2014, 2015 Albert Astals Cid
 // Copyright (C) 2008 Pino Toscano
 // Copyright (C) 2008, 2010 Hib Eris
 // Copyright (C) 2009 Ross Moore
@@ -622,6 +622,10 @@ void TextPool::addWord(TextWord *word) { TextWord *w0, *w1; // expand the array if needed
+ if (unlikely((word->base / textPoolStep) > INT_MAX)) {
+ error(errSyntaxWarning, -1, "word->base / textPoolStep > INT_MAX");
+ return;
+ }
 wordBaseIdx = (int)(word->base / textPoolStep);
 if (minBaseIdx > maxBaseIdx) {
 minBaseIdx = wordBaseIdx - 128;
-- cgit v0.10.2
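Review bot: The new guard in `TextPool::addWord` rejects only quotients above `INT_MAX`, so a fuzzed `word->base` that is hugely negative (below `INT_MIN`) or NaN still reaches the `(int)` cast on the next line, which is undefined for an out-of-range floating-point value (this assumes `word->base` is floating point; its declaration is outside the hunk). Values that pass but sit close to the limits also overflow in the visible `wordBaseIdx - 128`. I would compute the quotient once and bound it on both sides with the margin included, written so that NaN fails: `const double idx = word->base / textPoolStep;` then `if (unlikely(!(idx > INT_MIN + 128 && idx < INT_MAX - 128))) {`. It is also worth confirming that the caller still owns `word` on this early return, since the function body continues outside the hunk and the skipped word is not freed here.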