PSOutputDev: fix a few integer overflows

Now that we have oss-fuzz coverage i guess more will be coming soon ^_^ oss-fuzz/29199
author: Albert Astals Cid <aacid@kde.org> 2021-01-03 19:20:45 +0100
committer: Albert Astals Cid <aacid@kde.org> 2021-01-03 19:20:45 +0100
commit: bc6acbfff6afa7d720abe7f79abe02e5a6591ef4 (patch)
tree: 56b6fadc877769f879682dec3e1ff762dfbd1fd0 /poppler/PSOutputDev.cc
parent: af267b33cc42ccb9d1a89e06fed1481657c4b3f0 (diff)
1 files changed, 9 insertions, 2 deletions
diff --git a/poppler/PSOutputDev.cc b/poppler/PSOutputDev.cc
index e97cb501..19c1960f 100644
--- a/poppler/PSOutputDev.cc
+++ b/poppler/PSOutputDev.cc
@@ -1185,7 +1185,11 @@ static const StandardMedia standardMedia[] = { { "A0", 2384, 3371 },      { "A1"
 /* PLRM specifies a tolerance of 5 points when matching page sizes */
 static bool pageDimensionEqual(int a, int b)
 {
-    return (abs(a - b) < 5);
+    int aux;
+    if (unlikely(checkedSubtraction(a, b, &aux))) {
+        return false;
+    }
+    return (abs(aux) < 5);
 }
 
 // Shared initialization of PSOutputDev members.
@@ -3676,7 +3680,10 @@ void PSOutputDev::startPage(int pageNum, GfxState *state, XRef *xrefA)
         y1 = (int)floor(state->getY1());
         x2 = (int)ceil(state->getX2());
         y2 = (int)ceil(state->getY2());
-        width = x2 - x1;
+        if (unlikely(checkedSubtraction(x2, x1, &width))) {
+            error(errSyntaxError, -1, "width too big");
+            return;
+        }
         height = y2 - y1;
         tx = ty = 0;
         // rotation and portrait/landscape mode
author	Albert Astals Cid <aacid@kde.org>	2021-01-03 19:20:45 +0100
committer	Albert Astals Cid <aacid@kde.org>	2021-01-03 19:20:45 +0100
commit	bc6acbfff6afa7d720abe7f79abe02e5a6591ef4 (patch)
tree	56b6fadc877769f879682dec3e1ff762dfbd1fd0 /poppler/PSOutputDev.cc
parent	af267b33cc42ccb9d1a89e06fed1481657c4b3f0 (diff)