fofi/FoFiTrueType.cc | 4 ++++ poppler/XRef.cc | 4 ++++ 2 files changed, 8 insertions(+)
New commits: commit 3252bc323c814eb010df011024f06597755b4b7d Author: Albert Astals Cid <[email protected]> Date: Sun Jan 10 20:15:39 2021 +0100 Don't try to read xref at negative stream positions oss-fuzz/29460 diff --git a/poppler/XRef.cc b/poppler/XRef.cc index 79cf25fc..77a6752f 100644 --- a/poppler/XRef.cc +++ b/poppler/XRef.cc @@ -468,6 +468,10 @@ bool XRef::readXRef(Goffset *pos, std::vector<Goffset> *followedXRefStm, std::ve ok = false; return false; } + if (parsePos < 0) { + ok = false; + return false; + } // start up a parser, parse one token parser = new Parser(nullptr, str->makeSubStream(parsePos, false, 0, Object(objNull)), true); commit fec79bfc7ed1573a8d92ac77bcb225dd032db296 Author: Albert Astals Cid <[email protected]> Date: Sun Jan 10 19:45:23 2021 +0100 FoFiTrueType::cvtSfnts: Fix uninitialized memory read on broken files oss-fuzz/29386 diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc index a1396c55..3d4dd724 100644 --- a/fofi/FoFiTrueType.cc +++ b/fofi/FoFiTrueType.cc @@ -1301,6 +1301,10 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc, void *outputStream, const ++k; } } + if (unlikely(k < nNewTables)) { + error(errSyntaxWarning, -1, "unexpected number of tables"); + nNewTables = k; + } // construct the table directory tableDir[0] = 0x00; // sfnt version _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
