poppler/CharCodeToUnicode.cc | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-)
New commits: commit 7bd79c6f36af191d1937aa7315329e85e0e3a308 Author: Albert Astals Cid <[email protected]> Date: Tue Nov 2 19:16:37 2010 +0000 compile++ diff --git a/poppler/CharCodeToUnicode.cc b/poppler/CharCodeToUnicode.cc index 3cfa402..d7ac5b3 100644 --- a/poppler/CharCodeToUnicode.cc +++ b/poppler/CharCodeToUnicode.cc @@ -36,12 +36,12 @@ #include <string.h> #include "goo/gmem.h" #include "goo/gfile.h" -#include "goo/GooLikely.h" #include "goo/GooString.h" #include "Error.h" #include "GlobalParams.h" #include "PSTokenizer.h" #include "CharCodeToUnicode.h" +#include "Object.h" //------------------------------------------------------------------------ commit 09d97175342619ce889f0e1d0b3fd62774d5eda9 Author: Albert Astals Cid <[email protected]> Date: Tue Nov 2 19:14:34 2010 +0000 Fix crash in broken documents mapLen = (code + 256) & ~255; can wrap and you end up with mapLen < code that is not what you wanted diff --git a/poppler/CharCodeToUnicode.cc b/poppler/CharCodeToUnicode.cc index 1835ddd..3cfa402 100644 --- a/poppler/CharCodeToUnicode.cc +++ b/poppler/CharCodeToUnicode.cc @@ -13,7 +13,7 @@ // All changes made under the Poppler project to this file are licensed // under GPL version 2 or later // -// Copyright (C) 2006, 2008, 2009 Albert Astals Cid <[email protected]> +// Copyright (C) 2006, 2008-2010 Albert Astals Cid <[email protected]> // Copyright (C) 2007 Julien Rebetez <[email protected]> // Copyright (C) 2007 Koji Otani <[email protected]> // Copyright (C) 2008 Michael Vrable <[email protected]> @@ -36,6 +36,7 @@ #include <string.h> #include "goo/gmem.h" #include "goo/gfile.h" +#include "goo/GooLikely.h" #include "goo/GooString.h" #include "Error.h" #include "GlobalParams.h" @@ -366,10 +367,15 @@ void CharCodeToUnicode::addMapping(CharCode code, char *uStr, int n, if (code >= mapLen) { oldLen = mapLen; mapLen = (code + 256) & ~255; - map = (Unicode *)greallocn(map, mapLen, sizeof(Unicode)); - for (i = oldLen; i < mapLen; ++i) { - map[i] = 0; - } + if (unlikely(code >= mapLen)) { + error(-1, "Illegal code value in CharCodeToUnicode::addMapping"); + return; + } else { + map = (Unicode *)greallocn(map, mapLen, sizeof(Unicode)); + for (i = oldLen; i < mapLen; ++i) { + map[i] = 0; + } + } } if (n <= 4) { if (sscanf(uStr, "%x", &u) != 1) { _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
