On Wednesday 26 December 2012 20:45:10, Even Rouault wrote:
> Hi,
>
> The attached patch (against poppler 0.21.4) fixes an almost infinite loop
> at line 532 of JPXStream.cc due to dataLen < 7. Also attached the PDF to
> reproduce the bug.

A v2 of the patch, with another file that triggered it.

>
> Best regards,
>
> Even

--- poppler/JPXStream.cc.ori 2012-12-26 20:40:28.182361461 +0100
+++ poppler/JPXStream.cc 2012-12-26 21:19:37.372556098 +0100
@@ -529,14 +529,20 @@
csPrec = csPrec1;
haveCSMode = gTrue;
}
- for (i = 0; i < dataLen - 7; ++i) {
- bufStr->getChar();
- }
+ if( dataLen >= 7 ) {
+ for (i = 0; i < dataLen - 7; ++i) {
+ if( bufStr->getChar() == EOF )
+ break;
+ }
+ }
}
} else {
- for (i = 0; i < dataLen - 3; ++i) {
- bufStr->getChar();
- }
+ if( dataLen >= 3 ) {
+ for (i = 0; i < dataLen - 3; ++i) {
+ if( bufStr->getChar() == EOF )
+ break;
+ }
+ }
}
}
} else if (boxType == 0x6A703263) { // codestream
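Review bot: In both new skip loops, `if( bufStr->getChar() == EOF ) break;` only leaves the inner loop, and a dataLen below 7 (or below 3 in the else branch) is skipped silently. In either case parsing carries on to the next box as if this one had been consumed correctly, so a truncated or malformed file is not reported. Consider emitting an error and stopping box parsing when the length is shorter than the fixed header or when EOF is reached. The two guarded loops are also identical apart from the constant, so a small helper that takes the number of bytes already read would remove the duplication. Style: `if( dataLen >= 7 )` does not match the `for (i = 0; ...` spacing used in the surrounding lines.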
very_long_loop_in_JPXStream_getImageParams_v2.pdf
Description: Adobe PDF document
_______________________________________________
poppler mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/poppler
