poppler/JBIG2Stream.cc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-)
New commits: commit ed0c9640abcbea459e3a276ee0b27631b01c32c4 Author: Albert Astals Cid <[email protected]> Date: Sun Apr 8 12:24:20 2012 +0200 Do not crash if mallocing too much memory Fixes crash in https://ritdml.rit.edu/bitstream/handle/1850/11220/TYehThesis1992.pdf?sequence=1 even though the page is still unrendered diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index 5a3e329..a65746e 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -15,7 +15,7 @@ // // Copyright (C) 2006 Raj Kumar <[email protected]> // Copyright (C) 2006 Paul Walmsley <[email protected]> -// Copyright (C) 2006-2010 Albert Astals Cid <[email protected]> +// Copyright (C) 2006-2010, 2012 Albert Astals Cid <[email protected]> // Copyright (C) 2009 David Benjamin <[email protected]> // Copyright (C) 2011 Edward Jiang <[email protected]> // @@ -1634,8 +1634,13 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length, } // get the input symbol bitmaps - bitmaps = (JBIG2Bitmap **)gmallocn(numInputSyms + numNewSyms, + bitmaps = (JBIG2Bitmap **)gmallocn_checkoverflow(numInputSyms + numNewSyms, sizeof(JBIG2Bitmap *)); + if (!bitmaps) { + error(errSyntaxError, curStr->getPos(), "Too many input symbols in JBIG2 symbol dictionary"); + delete codeTables; + goto eofError; + } for (i = 0; i < numInputSyms + numNewSyms; ++i) { bitmaps[i] = NULL; } _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
