poppler/Hints.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)
New commits: commit c85a85423e3fe0c914d0a5b3f3e9e3ba3205fb79 Author: Hib Eris <[email protected]> Date: Fri Jul 16 15:25:52 2021 +0200 Validate input from page offset hints table Fixes: https://gitlab.freedesktop.org/poppler/poppler/-/issues/343 diff --git a/poppler/Hints.cc b/poppler/Hints.cc index 3a7a041b..c4f281ec 100644 --- a/poppler/Hints.cc +++ b/poppler/Hints.cc @@ -4,7 +4,7 @@ // // This file is licensed under the GPLv2 or later // -// Copyright 2010, 2012 Hib Eris <[email protected]> +// Copyright 2010, 2012, 2013 Hib Eris <[email protected]> // Copyright 2010, 2011, 2013, 2014, 2016-2019 Albert Astals Cid <[email protected]> // Copyright 2010, 2013 Pino Toscano <[email protected]> // Copyright 2013 Adrian Johnson <[email protected]> @@ -283,6 +283,11 @@ bool Hints::readPageOffsetTable(Stream *str) denominator = sbr.readBits(16); + if ((nBitsDiffPageLength > 32) || (nBitsOffsetStream > 32) || (nBitsLengthStream > 32) || (nBitsNumShared > 32) || (nBitsShared > 32) || (nBitsNumerator > 32)) { + error(errSyntaxWarning, -1, "Invalid number of bits reading page offset hints table"); + return false; + } + for (int i = 0; i < nPages && !sbr.atEOF(); i++) { nObjects[i] = nObjectLeast + sbr.readBits(nBitsDiffObjects); } _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
