b99c78bb0f
Add poppler-0.15.0-CVE-2010-3702.patch (Properly initialize parser) Add poppler-0.15.0-CVE-2010-3703.patch (Properly initialize stack) Add poppler-0.15.0-CVE-2010-3704.patch (Fix crash in broken pdf (code < 0)) Resolves: #639861
29 lines
969 B
Diff
29 lines
969 B
Diff
--- poppler-0.15.0/fofi/FoFiType1.cc 2010-07-24 01:18:27.000000000 +0200
|
|
+++ poppler-0.15.0/fofi/FoFiType1.cc 2010-10-07 12:44:51.000000000 +0200
|
|
@@ -13,7 +13,7 @@
|
|
// All changes made under the Poppler project to this file are licensed
|
|
// under GPL version 2 or later
|
|
//
|
|
-// Copyright (C) 2005, 2008 Albert Astals Cid <aacid@kde.org>
|
|
+// Copyright (C) 2005, 2008, 2010 Albert Astals Cid <aacid@kde.org>
|
|
// Copyright (C) 2005 Kristian Høgsberg <krh@redhat.com>
|
|
// Copyright (C) 2010 Jakub Wilk <ubanus@users.sf.net>
|
|
//
|
|
@@ -31,6 +31,7 @@
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include "goo/gmem.h"
|
|
+#include "goo/GooLikely.h"
|
|
#include "FoFiEncodings.h"
|
|
#include "FoFiType1.h"
|
|
#include "poppler/Error.h"
|
|
@@ -243,7 +244,7 @@ void FoFiType1::parse() {
|
|
code = code * 8 + (*p2 - '0');
|
|
}
|
|
}
|
|
- if (code < 256) {
|
|
+ if (likely(code < 256 && code >= 0)) {
|
|
for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
|
|
if (*p == '/') {
|
|
++p;
|