poppler/JBIG2Stream.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
New commits: commit c38694aed09336232757316321d2fa84c5f2bf57 Author: Albert Astals Cid <[email protected]> Date: Thu Dec 17 19:36:05 2020 +0100 Fix integer overflow on broken files oss-fuzz/28749 diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index ae7d6306..1e19198a 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -591,7 +591,13 @@ JBIG2Bitmap::JBIG2Bitmap(unsigned int segNumA, int wA, int hA) : JBIG2Segment(se { w = wA; h = hA; - line = (wA + 7) >> 3; + int auxW; + if (unlikely(checkedAdd(wA, 7, &auxW))) { + error(errSyntaxError, -1, "invalid width"); + data = nullptr; + return; + } + line = auxW >> 3; if (w <= 0 || h <= 0 || line <= 0 || h >= (INT_MAX - 1) / line) { error(errSyntaxError, -1, "invalid width/height"); _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
