Hi, the attached patch (against poppler 0.21.4) fixes an almost infinite loop at line 532 of JPXStream.cc that occurs when dataLen < 7. A PDF that reproduces the bug is also attached.
Best regards, Even
--- poppler/JPXStream.cc.ori 2012-12-26 20:40:28.182361461 +0100
+++ poppler/JPXStream.cc 2012-12-26 20:40:34.872109899 +0100
@@ -529,14 +529,18 @@
csPrec = csPrec1;
haveCSMode = gTrue;
}
- for (i = 0; i < dataLen - 7; ++i) {
- bufStr->getChar();
- }
+ if( dataLen >= 7 ) {
+ for (i = 0; i < dataLen - 7; ++i) {
+ bufStr->getChar();
+ }
+ }
}
} else {
- for (i = 0; i < dataLen - 3; ++i) {
- bufStr->getChar();
- }
+ if( dataLen >= 3 ) {
+ for (i = 0; i < dataLen - 3; ++i) {
+ bufStr->getChar();
+ }
+ }
}
}
} else if (boxType == 0x6A703263) { // codestream
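Review bot: Both skip loops still discard the return value of `bufStr->getChar()`, so the new `dataLen >= 7` and `dataLen >= 3` guards stop the subtraction from wrapping (dataLen appears to be unsigned; its declaration is outside the hunk), but a large box length read from the file can still drive a very long loop after the stream has ended. Stopping at end of data bounds the work by the actual input, e.g. `if (bufStr->getChar() == EOF) break;` in each loop body. A dataLen smaller than the bytes already consumed for this box also suggests the box is malformed, so an else branch that reports an error instead of silently continuing is worth considering. The new `if( dataLen >= 7 )` spacing differs from the `for (` / `if (` style of the surrounding lines. The enclosing function begins and ends outside this hunk.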
very_long_loop_in_JPXStream_getImageParams.pdf
Description: Adobe PDF document
