[poppler] poppler/JBIG2Stream.cc

Fri, 02 Jul 2021 00:48:18 -0700 

 poppler/JBIG2Stream.cc |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

New commits:
commit 2b2808719d2c91283ae358381391bb0b37d9061d
Author: Oliver Sander <[email protected]>
Date:   Thu Jul 1 21:35:38 2021 +0200

    JBIG2Stream: Do not abort if size-0 allocations returns nullptr
    
    The JBIG2SymbolDict constructor gets a size parameter, and it allocates
    memory for a bitmap of that size.  Bug report 535
    
      https://gitlab.freedesktop.org/poppler/poppler/-/issues/535
    
    has a file where this size is 0.  In that case, the call to
    gmallocn_checkoverflow returns nullptr, and subsequent calls to
    JBIG2SymbolDict::isOk return false.  This is then interpreted
    as an error, and the JBIG2 processing is aborted.  For the
    test file mentioned above this happens in line 1807.
    
    I don't know whether such a file with a size-0 symbol dict
    is malformed or not.  However, the test file renders just fine
    if the 'failing' allocation is simply ignored.  This patch
    therefore relaxes the isOk method a little.  A JBIG2SymbolDict
    object is now deemed 'ok' either if it holds a bitmap (that was
    the previous test) *or if it has size 0*.
    
    This fixes
    
      https://gitlab.freedesktop.org/poppler/poppler/-/issues/535

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 937f35ed..6ee19847 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -967,7 +967,7 @@ public:
     unsigned int getSize() { return size; }
     void setBitmap(unsigned int idx, JBIG2Bitmap *bitmap) { bitmaps[idx] = 
bitmap; }
     JBIG2Bitmap *getBitmap(unsigned int idx) { return bitmaps[idx]; }
-    bool isOk() { return bitmaps != nullptr; }
+    bool isOk() { return bitmaps != nullptr || size == 0; }
     void setGenericRegionStats(JArithmeticDecoderStats *stats) { 
genericRegionStats = stats; }
     void setRefinementRegionStats(JArithmeticDecoderStats *stats) { 
refinementRegionStats = stats; }
     JArithmeticDecoderStats *getGenericRegionStats() { return 
genericRegionStats; }
@@ -1329,6 +1329,7 @@ void JBIG2Stream::readSegments()
         switch (segType) {
         case 0:
             if (!readSymbolDictSeg(segNum, segLength, refSegs, nRefSegs)) {
+                error(errSyntaxError, curStr->getPos(), "readSymbolDictSeg 
reports syntax error!");
                 goto syntaxError;
             }
             break;
_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler

Reply via email to