diff options
author | Albert Astals Cid <aacid@kde.org> | 2010-11-02 19:14:34 +0000 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2010-11-02 19:15:45 +0000 |
commit | 09d97175342619ce889f0e1d0b3fd62774d5eda9 (patch) | |
tree | 0097802290537452a04494e20a54c9beed6c77bd | |
parent | d1a1cdf24ee836804721bb637cb684594683f0fd (diff) |
Fix crash in broken documents
mapLen = (code + 256) & ~255; can wrap and you end up with mapLen < code
that is not what you wanted
-rw-r--r-- | poppler/CharCodeToUnicode.cc | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/poppler/CharCodeToUnicode.cc b/poppler/CharCodeToUnicode.cc index 1835ddd4..3cfa4020 100644 --- a/poppler/CharCodeToUnicode.cc +++ b/poppler/CharCodeToUnicode.cc @@ -13,7 +13,7 @@ // All changes made under the Poppler project to this file are licensed // under GPL version 2 or later // -// Copyright (C) 2006, 2008, 2009 Albert Astals Cid <aacid@kde.org> +// Copyright (C) 2006, 2008-2010 Albert Astals Cid <aacid@kde.org> // Copyright (C) 2007 Julien Rebetez <julienr@svn.gnome.org> // Copyright (C) 2007 Koji Otani <sho@bbr.jp> // Copyright (C) 2008 Michael Vrable <mvrable@cs.ucsd.edu> @@ -36,6 +36,7 @@ #include <string.h> #include "goo/gmem.h" #include "goo/gfile.h" +#include "goo/GooLikely.h" #include "goo/GooString.h" #include "Error.h" #include "GlobalParams.h" @@ -366,10 +367,15 @@ void CharCodeToUnicode::addMapping(CharCode code, char *uStr, int n, if (code >= mapLen) { oldLen = mapLen; mapLen = (code + 256) & ~255; - map = (Unicode *)greallocn(map, mapLen, sizeof(Unicode)); - for (i = oldLen; i < mapLen; ++i) { - map[i] = 0; - } + if (unlikely(code >= mapLen)) { + error(-1, "Illegal code value in CharCodeToUnicode::addMapping"); + return; + } else { + map = (Unicode *)greallocn(map, mapLen, sizeof(Unicode)); + for (i = oldLen; i < mapLen; ++i) { + map[i] = 0; + } + } } if (n <= 4) { if (sscanf(uStr, "%x", &u) != 1) { |