poppler/JPXStream.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
New commits: commit 7e0be7854adc49e4e00c0badb0dc470fbdf6d612 Author: Even Rouault <[email protected]> Date: Fri Dec 28 00:44:29 2012 +0100 Avoid DoS due to huge number of JPX tiles in a stream diff --git a/poppler/JPXStream.cc b/poppler/JPXStream.cc index f1becc9..606c08e 100644 --- a/poppler/JPXStream.cc +++ b/poppler/JPXStream.cc @@ -15,6 +15,7 @@ // // Copyright (C) 2008, 2012 Albert Astals Cid <[email protected]> // Copyright (C) 2012 Thomas Freitag <[email protected]> +// Copyright (C) 2012 Even Rouault <[email protected]> // // To see a description of the changes please see the Changelog file that // came with your tarball or type make ChangeLog if you are building from git @@ -974,7 +975,7 @@ GBool JPXStream::readCodestream(Guint len) { / img.yTileSize; // check for overflow before allocating memory if (img.nXTiles <= 0 || img.nYTiles <= 0 || - img.nXTiles >= INT_MAX / img.nYTiles) { + img.nXTiles >= 65535 / img.nYTiles) { error(errSyntaxError, getPos(), "Bad tile count in JPX SIZ marker segment"); return gFalse; _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
