poppler/JBIG2Stream.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
New commits: commit ef64a69b84ad066559a0f25d5c5af96af38b9dd1 Author: Vincent Le Garrec <[email protected]> Date: Sat Jan 26 09:53:38 2019 +0100 ofz-8798: Undefined-shift in JBIG2MMRDecoder::get2DCode https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8798
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 2c12f7b6..a5329aeb 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -24,6 +24,7 @@
 // Copyright (C) 2013, 2014 Fabio D'Urso <[email protected]>
 // Copyright (C) 2015 Suzuki Toshiya <[email protected]>
 // Copyright (C) 2018 Adam Reichold <[email protected]>
+// Copyright (C) 2019 LE GARREC Vincent <[email protected]>
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git
@@ -493,7 +494,7 @@ void JBIG2MMRDecoder::reset() {
 }
 int JBIG2MMRDecoder::get2DCode() {
- const CCITTCode *p;
+ const CCITTCode *p = nullptr;
 if (bufLen == 0) {
 buf = str->getChar() & 0xff;
@@ -502,7 +503,7 @@ int JBIG2MMRDecoder::get2DCode() {
 p = &twoDimTab1[(buf >> 1) & 0x7f];
 } else if (bufLen == 8) {
 p = &twoDimTab1[(buf >> 1) & 0x7f];
- } else {
+ } else if (bufLen < 8) {
 p = &twoDimTab1[(buf << (7 - bufLen)) & 0x7f];
 if (p->bits < 0 || p->bits > (int)bufLen) {
 buf = (buf << 8) | (str->getChar() & 0xff);
@@ -511,7 +512,7 @@ int JBIG2MMRDecoder::get2DCode() {
 p = &twoDimTab1[(buf >> (bufLen - 7)) & 0x7f];
 }
 }
- if (p->bits < 0) {
+ if (p == nullptr || p->bits < 0) {
 error(errSyntaxError, str->getPos(), "Bad two dim code in JBIG2 MMR stream");
 return EOF;
 }
_______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
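Review bot: In the hunk at -502,7 the new `else if (bufLen < 8)` leaves `p` null whenever bufLen is above 8, so get2DCode() now answers that state with the "Bad two dim code" syntax error and EOF, without consuming any bits, rather than decoding it. The fuzzer finding named in the commit message suggests the state is reachable; whether well-formed MMR data can also leave more than eight buffered bits depends on the other code readers of this class, which are outside the diff, and that should be confirmed before the state is treated as malformed input. If it is legitimate, a final branch `} else { p = &twoDimTab1[(buf >> (bufLen - 7)) & 0x7f]; }` would reuse the top-seven-bits lookup already applied after the refill and keep every shift count in range. If it is not, a comment such as `// bufLen > 8 is not decodable here; p stays null and is rejected below` would explain why the null initialiser (hunk at -493,7) and the `p == nullptr` test (hunk at -511,7) exist. The body of get2DCode() continues past the last hunk.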
