author | Oliver Sander <oliver.sander@tu-dresden.de> | 2021-07-01 21:35:38 +0200 |
---|---|---|
committer | Oliver Sander <oliver.sander@tu-dresden.de> | 2021-07-01 21:35:38 +0200 |
commit | 2b2808719d2c91283ae358381391bb0b37d9061d (patch) | |
tree | aa09c6db1599329ad646519d128658eeac84152f | |
parent | 571d8138cb9ccc9ac04219a6a552d8c78e93ad88 (diff) |
JBIG2Stream: Do not abort if size-0 allocations returns nullptr
The JBIG2SymbolDict constructor gets a size parameter, and it allocates
memory for a bitmap of that size. Bug report 535
https://gitlab.freedesktop.org/poppler/poppler/-/issues/535
has a file where this size is 0. In that case, the call to
gmallocn_checkoverflow returns nullptr, and subsequent calls to
JBIG2SymbolDict::isOk return false. This is then interpreted
as an error, and the JBIG2 processing is aborted. For the
test file mentioned above this happens in line 1807.
I don't know whether such a file with a size-0 symbol dict
is malformed or not. However, the test file renders just fine
if the 'failing' allocation is simply ignored. This patch
therefore relaxes the isOk method a little. A JBIG2SymbolDict
object is now deemed 'ok' either if it holds a bitmap (that was
the previous test) *or if it has size 0*.
This fixes
https://gitlab.freedesktop.org/poppler/poppler/-/issues/535
-rw-r--r-- | poppler/JBIG2Stream.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index 937f35ed..6ee19847 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -967,7 +967,7 @@ public: unsigned int getSize() { return size; } void setBitmap(unsigned int idx, JBIG2Bitmap *bitmap) { bitmaps[idx] = bitmap; } JBIG2Bitmap *getBitmap(unsigned int idx) { return bitmaps[idx]; } - bool isOk() { return bitmaps != nullptr; } + bool isOk() { return bitmaps != nullptr || size == 0; } void setGenericRegionStats(JArithmeticDecoderStats *stats) { genericRegionStats = stats; } void setRefinementRegionStats(JArithmeticDecoderStats *stats) { refinementRegionStats = stats; } JArithmeticDecoderStats *getGenericRegionStats() { return genericRegionStats; } @@ -1329,6 +1329,7 @@ void JBIG2Stream::readSegments() switch (segType) { case 0: if (!readSymbolDictSeg(segNum, segLength, refSegs, nRefSegs)) { + error(errSyntaxError, curStr->getPos(), "readSymbolDictSeg reports syntax error!"); goto syntaxError; } break; |
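Review bot: In the first hunk (@@ -967,7 +967,7 @@), isOk() now returns true while bitmaps is nullptr whenever size is 0, but the neighbouring accessors setBitmap() and getBitmap() still index bitmaps[idx] with no check. That is only safe if every caller bounds idx by getSize() before touching the array. Please confirm this for the call sites that so far treated isOk() as a guarantee that bitmaps is non-null, or add an idx < size guard in the accessors. A short comment on isOk() saying why a size-0 dictionary is accepted would also help, since the commit message leaves open whether such a file is malformed.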
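Review bot: In the second hunk (@@ -1329,6 +1329,7 @@, readSegments, case 0), the added error() call is not covered by the commit message, which describes only the isOk() change, and its text "readSymbolDictSeg reports syntax error!" does not say which segment failed. Consider including segNum, and possibly segLength, in the message so the report can be matched to a segment in the input file. Either mention the new diagnostic in the commit message or move it to a separate commit.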