poppler/JBIG2Stream.cc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
New commits: commit 2b82271415000e776b54f0214d564d28170d9c6b Author: Albert Astals Cid <[email protected]> Date: Wed Jan 6 00:06:03 2021 +0100 JBIG2Stream::readTextRegion: Fix yet another potential integer overflow oss-fuzz/27783 diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index db46b1ae..111fac02 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -2316,7 +2316,9 @@ std::unique_ptr<JBIG2Bitmap> JBIG2Stream::readTextRegion(bool huff, bool refine, if (decodeSuccess && syms[symID]) { refDX = ((rdw >= 0) ? rdw : rdw - 1) / 2 + rdx; - refDY = ((rdh >= 0) ? rdh : rdh - 1) / 2 + rdy; + if (checkedAdd(((rdh >= 0) ? rdh : rdh - 1) / 2, rdy, &refDY)) { + return nullptr; + } symbolBitmap = readGenericRefinementRegion(rdw + syms[symID]->getWidth(), rdh + syms[symID]->getHeight(), templ, false, syms[symID], refDX, refDY, atx, aty).release(); } _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
