poppler/Hints.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
New commits: commit 083bfa59378be1c008cb6543f7e9bebde29a4079 Author: Albert Astals Cid <[email protected]> Date: Tue May 22 22:01:35 2018 +0200 nBitsDiffObjects can only be 32 as per spec fixes oss-fuzz/8464
diff --git a/poppler/Hints.cc b/poppler/Hints.cc
index 2f5fec6c..ecee0468 100644
--- a/poppler/Hints.cc
+++ b/poppler/Hints.cc
@@ -5,7 +5,7 @@
 // This file is licensed under the GPLv2 or later
 //
 // Copyright 2010, 2012 Hib Eris <[email protected]>
-// Copyright 2010, 2011, 2013, 2014, 2016, 2017 Albert Astals Cid <[email protected]>
+// Copyright 2010, 2011, 2013, 2014, 2016-2018 Albert Astals Cid <[email protected]>
 // Copyright 2010, 2013 Pino Toscano <[email protected]>
 // Copyright 2013 Adrian Johnson <[email protected]>
 // Copyright 2014 Fabio D'Urso <[email protected]>
@@ -258,6 +258,11 @@ GBool Hints::readPageOffsetTable(Stream *str)
 if (objectOffsetFirst >= hintsOffset) objectOffsetFirst += hintsLength;
 nBitsDiffObjects = sbr.readBits(16);
+ if (nBitsDiffObjects > 32) {
+ error(errSyntaxWarning, -1, "Invalid number of bits needed to represent the difference between the greatest and least number of objects in a page");
+ nPages = 0;
+ return gFalse;
+ }
 pageLengthLeast = sbr.readBits(32);
_______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
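Review bot: The bound added after `nBitsDiffObjects = sbr.readBits(16);` is a bare `32` with no comment saying where the value is consumed, so a reader cannot tell from this hunk which later read the check protects. A one-line comment above the `if`, for example `// bit widths above 32 are invalid per spec; reject before the value is used as a bit count`, would make the intent explicit. readPageOffsetTable continues outside the hunk, and if any other field there is read with `readBits(16)` and is also a bit width taken from the file, it presumably needs the same upper bound; checking them together avoids fixing one fuzzer report at a time. The error text could also report the rejected value so a malformed file can be triaged from the log alone.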
