Hi,

The attached patch (against poppler 0.21.4) fixes a DoS due to a huge number of JPX tiles in a stream. Also attached is the PDF to reproduce the bug.

Note: a similar fix was committed in OpenJPEG recently: http://code.google.com/p/openjpeg/source/detail?r=2239

Best regards,
Even

--- poppler/JPXStream.cc.ori 2012-12-26 20:40:28.182361461 +0100
+++ poppler/JPXStream.cc 2012-12-26 20:50:47.942270386 +0100
@@ -974,7 +974,7 @@
/ img.yTileSize;
// check for overflow before allocating memory
if (img.nXTiles <= 0 || img.nYTiles <= 0 ||
- img.nXTiles >= INT_MAX / img.nYTiles) {
+ img.nXTiles >= 65535 / img.nYTiles) {
error(errSyntaxError, getPos(),
"Bad tile count in JPX SIZ marker segment");
return gFalse;
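
Review bot: The new bound `img.nXTiles >= 65535 / img.nYTiles` rejects some tile counts at or below 65535, because of the `>=` combined with integer division. For example, nYTiles = 1 with nXTiles = 65535 is refused, and so is nYTiles = 2 with nXTiles = 32767 (a product of 65534). If the intent is to cap the product at 65535, as the attachment name suggests, `img.nXTiles > 65535 / img.nYTiles` is the exact test for positive operands. The comment above still reads "check for overflow before allocating memory", but the condition is now a limit on the tile count rather than an INT_MAX overflow guard, so the comment should say so. A named constant in place of the bare 65535 would make the limit easier to find later.
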
limit_jpx_tile_count_to_65535.pdf
Description: Adobe PDF document
_______________________________________________
poppler mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/poppler
