mirror of
git://slackware.nl/current.git
synced 2024-12-31 10:28:29 +01:00
ca8c1d3c22
patches/packages/poppler-21.12.0-x86_64-2_slack15.0.txz: Rebuilt.
[PATCH] JBIG2Stream: Fix crash on broken file.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860
(* Security fix *)
29 lines
1.2 KiB
Diff
29 lines
1.2 KiB
Diff
From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
|
|
From: Albert Astals Cid <aacid@kde.org>
|
|
Date: Thu, 25 Aug 2022 00:14:22 +0200
|
|
Subject: [PATCH] JBIG2Stream: Fix crash on broken file
|
|
|
|
https://github.com/jeffssh/CVE-2021-30860
|
|
|
|
Thanks to David Warren for the heads up
|
|
---
|
|
poppler/JBIG2Stream.cc | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
|
|
index 662276e5..9f70431d 100644
|
|
--- a/poppler/JBIG2Stream.cc
|
|
+++ b/poppler/JBIG2Stream.cc
|
|
@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
|
|
for (i = 0; i < nRefSegs; ++i) {
|
|
if ((seg = findSegment(refSegs[i]))) {
|
|
if (seg->getType() == jbig2SegSymbolDict) {
|
|
- numSyms += ((JBIG2SymbolDict *)seg)->getSize();
|
|
+ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
|
|
+ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
|
|
+ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
|
|
+ return;
|
|
+ }
|
|
} else if (seg->getType() == jbig2SegCodeTable) {
|
|
codeTables.push_back(seg);
|
|
}
|