Michael J Gruber
7 years ago
parent
da88d59031
commit
8579757839
@ -0,0 +1,43 @@
|
||||
From 5e411a99604ff6be5db9e273ee84737204113299 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <5e411a99604ff6be5db9e273ee84737204113299.1518615489.git.mjg@fedoraproject.org>
|
||||
From: Sebastian Rasmussen <sebras@gmail.com>
|
||||
Date: Tue, 30 Jan 2018 02:05:57 +0100
|
||||
Subject: [PATCH] Bug 698916: Indirect object numbers must be in range.
|
||||
|
||||
Signed-off-by: Michael J Gruber <mjg@fedoraproject.org>
|
||||
---
|
||||
source/pdf/pdf-parse.c | 2 ++
|
||||
source/pdf/pdf-xref.c | 4 ++--
|
||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c
|
||||
index 7904ebd7..b4783ae8 100644
|
||||
--- a/source/pdf/pdf-parse.c
|
||||
+++ b/source/pdf/pdf-parse.c
|
||||
@@ -623,6 +623,8 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc,
|
||||
fz_throw(ctx, FZ_ERROR_SYNTAX, "expected object number");
|
||||
}
|
||||
num = buf->i;
|
||||
+ if (num < 0 || num > PDF_MAX_OBJECT_NUMBER)
|
||||
+ fz_throw(ctx, FZ_ERROR_SYNTAX, "object number out of range");
|
||||
|
||||
tok = pdf_lex(ctx, file, buf);
|
||||
if (tok != PDF_TOK_INT)
|
||||
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
|
||||
index 4997ebe5..cfcd0a21 100644
|
||||
--- a/source/pdf/pdf-xref.c
|
||||
+++ b/source/pdf/pdf-xref.c
|
||||
@@ -228,8 +228,8 @@ pdf_xref_entry *pdf_get_populating_xref_entry(fz_context *ctx, pdf_document *doc
|
||||
}
|
||||
|
||||
/* Prevent accidental heap underflow */
|
||||
- if (num < 0)
|
||||
- fz_throw(ctx, FZ_ERROR_GENERIC, "object number must not be negative (%d)", num);
|
||||
+ if (num < 0 || num > PDF_MAX_OBJECT_NUMBER)
|
||||
+ fz_throw(ctx, FZ_ERROR_GENERIC, "object number out of range (%d)", num);
|
||||
|
||||
/* Return the pointer to the entry in the last section. */
|
||||
xref = &doc->xref_sections[doc->num_xref_sections-1];
|
||||
--
|
||||
2.16.1.312.g365a692731
|
||||
|
||||
Loading…
Reference in new issue