poppler/JBIG2Stream.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
New commits: commit 5a65db3d992eeb8a4cd4b2531f3c59ad25940487 Author: Albert Astals Cid <[email protected]> Date: Mon Nov 16 19:49:54 2020 +0100 JBIG2Stream::readCodeTableSeg: More overflow protection in broken files diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index f267f413..a80806c4 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -3910,7 +3910,10 @@ void JBIG2Stream::readCodeTableSeg(unsigned int segNum, unsigned int length) huffTab[i].val = val; huffTab[i].prefixLen = huffDecoder->readBits(prefixBits); huffTab[i].rangeLen = huffDecoder->readBits(rangeBits); - val += 1 << huffTab[i].rangeLen; + if (unlikely(checkedAdd(val, 1 << huffTab[i].rangeLen, &val))) { + free(huffTab); + return; + } ++i; } if (i + oob + 3 > huffTabSize) { _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
