poppler/XRef.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) New commits: commit a7154bcc6aba5429dc6cc024bd90dae2f1d2d0c1 Author: Albert Astals Cid <aa...@kde.org> Date: Fri May 25 16:21:45 2018 +0200
XRef::readXRefTable: Rewrite overflow check In a way that it doesn't depend on undefined behaviour fixes oss-fuzz/8528 diff --git a/poppler/XRef.cc b/poppler/XRef.cc index 95d19021..6afb51a0 100644 --- a/poppler/XRef.cc +++ b/poppler/XRef.cc @@ -574,7 +574,7 @@ GBool XRef::readXRefTable(Parser *parser, Goffset *pos, std::vector<Goffset> *fo goto err0; } n = obj.getInt(); - if (first < 0 || n < 0 || first + n < 0) { + if (first < 0 || n < 0 || first > INT_MAX - n) { goto err0; } if (first + n > size) { _______________________________________________ poppler mailing list poppler@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/poppler