poppler/XRef.cc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
New commits: commit 751deb8ae3df1bc316fa17c83ca573233586b41f Author: Albert Astals Cid <[email protected]> Date: Sun Nov 29 00:01:48 2020 +0100 XRef::removeIndirectObject: Fix overflow of gen Also make the check in XRef::addIndirectObject that looks for a free and usable entry a bit more robust (!= to <) than 65535 oss-fuzz/28032
diff --git a/poppler/XRef.cc b/poppler/XRef.cc
index b92c925b..30a1d1b1 100644
--- a/poppler/XRef.cc
+++ b/poppler/XRef.cc
@@ -1349,7 +1349,7 @@ Ref XRef::addIndirectObject(const Object *o)
 int entryIndexToUse = -1;
 for (int i = 1; entryIndexToUse == -1 && i < size; ++i) {
 XRefEntry *e = getEntry(i, false /* complainIfMissing */);
- if (e->type == xrefEntryFree && e->gen != 65535) {
+ if (e->type == xrefEntryFree && e->gen < 65535) {
 entryIndexToUse = i;
 }
 }
@@ -1389,7 +1389,9 @@ void XRef::removeIndirectObject(Ref r)
 }
 e->obj.~Object();
 e->type = xrefEntryFree;
- e->gen++;
+ if (likely(e->gen < 65535)) {
+ e->gen++;
+ }
 e->setFlag(XRefEntry::Updated, true);
 setModified();
 }
_______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
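Review bot: The limit 65535 is written as a bare literal in both hunks, in the free-entry check here and in the increment guard in XRef::removeIndirectObject, with nothing saying what it stands for. It is the maximum generation number a cross-reference entry may carry, and a free entry that has reached it must never be reused. I would name it once and use it in both places, e.g. `static constexpr int maxGenerationNumber = 65535;` (assuming gen is an int, which the hunk does not show), or at least add `// 65535 = max generation number; a free entry at this value is never reused`. The rest of addIndirectObject lies outside the hunk.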
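Review bot: The new guard in removeIndirectObject stops the increment at 65535 but leaves a gen that is already above the limit unchanged. The switch from `!=` to `<` in addIndirectObject suggests such values can reach the table from a malformed file. The entry is still flagged Updated, so the out-of-range generation presumably gets written back when the document is saved. If gen is not already bounded where xref entries are read (not visible here), consider adding `else { e->gen = 65535; }` to the guard, or rejecting out-of-range generations at parse time. The start of the function is outside the hunk.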
