poppler/Stream.cc | 3 +++
1 file changed, 3 insertions(+)
New commits:
commit 50c0b294d08114920a5db711876e20d991f474a6
Author: Albert Astals Cid <[email protected]>
Date: Sun Apr 29 22:33:09 2012 +0200
Make sure the index to dcHuffTables and acHuffTables is in bounds
Found in a fuzzed pdf sent by Mateusz "j00ru" Jurczyk and Gynvael Coldwind
diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index 423bf1c..4ce6c00 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -2581,6 +2581,9 @@ GBool DCTStream::readMCURow() {
vSub = vert / 8;
for (y2 = 0; y2 < mcuHeight; y2 += vert) {
for (x2 = 0; x2 < mcuWidth; x2 += horiz) {
+ if (unlikely(scanInfo.dcHuffTable[cc] >= 4) ||
unlikely(scanInfo.acHuffTable[cc] >= 4)) {
+ return gFalse;
+ }
if (!readDataUnit(&dcHuffTables[scanInfo.dcHuffTable[cc]],
&acHuffTables[scanInfo.acHuffTable[cc]],
&compInfo[cc].prevDC,
_______________________________________________
poppler mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/poppler
