From 60b4fe65bc9dc9b82bbadf0be2e3781be796a13d Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 1 May 2018 02:46:17 +0200
Subject: FoFiType1C::cvtGlyph: Fix infinite recursion on malformed documents

Bugs #104942, #103238
---
 fofi/FoFiType1C.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc
index 03e7799..b14561f 100644
--- a/fofi/FoFiType1C.cc
+++ b/fofi/FoFiType1C.cc
@@ -13,7 +13,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2009, 2010 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2009, 2010, 2017, 2018 Albert Astals Cid <aacid@kde.org>
 // Copyright (C) 2012 Thomas Freitag <Thomas.Freitag@alfa.de>
 //
 // To see a description of the changes please see the Changelog file that
@@ -32,6 +32,7 @@
 #include <math.h>
 #include "goo/gmem.h"
 #include "goo/gstrtod.h"
+#include "goo/GooLikely.h"
 #include "goo/GooString.h"
 #include "FoFiEncodings.h"
 #include "FoFiType1C.h"
@@ -1361,7 +1362,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf,
 	  --nOps;
 	  ok = gTrue;
 	  getIndexVal(subrIdx, k, &val, &ok);
-	  if (ok) {
+	  if (likely(ok && val.pos != offset)) {
 	    cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, gFalse);
 	  }
 	} else {
@@ -1596,7 +1597,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf,
 	  --nOps;
 	  ok = gTrue;
 	  getIndexVal(&gsubrIdx, k, &val, &ok);
-	  if (ok) {
+	  if (likely(ok && val.pos != offset)) {
 	    cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, gFalse);
 	  }
 	} else {
-- 
cgit v1.1