author | Jose Aliste <jaliste@src.gnome.org> | 2017-05-16 18:44:49 -0400 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2017-06-21 22:31:20 +0200 |
commit | 3a2759aa2a98c2157cb35731b95e393b8882f8d3 (patch) | |
tree | 2532bbc3b692fa2315b767be0933879aebbf2a9b | |
parent | d9c88e1c8892c79b8865a0dabdcc0d3ffd55c195 (diff) |
Check numComps is between reasonable bounds
Before this patch, some PDFs might cause a crash because of an overflow
if numComps does not lie between 0 and 4.
This is a security fix for CVE-2017-0319.
-rw-r--r-- | poppler/Stream.cc | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index d93c560e..e3d5cf6a 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -32,6 +32,7 @@
 // Copyright (C) 2013 Pino Toscano <pino@kde.org>
 // Copyright (C) 2015 Suzuki Toshiya <mpsuzuki@hiroshima-u.ac.jp>
 // Copyright (C) 2015 Jason Crain <jason@aquaticape.us>
+// Copyright (C) 2017 Jose Aliste <jaliste@src.gnome.org>
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git
@@ -3585,6 +3586,12 @@ GBool DCTStream::readProgressiveSOF() {
 height = read16();
 width = read16();
 numComps = str->getChar();
+
+ if (numComps <= 0 || numComps > 4) {
+ error(errSyntaxError, getPos(), "Bad number of components in DCT stream");
+ numComps = 0;
+ return gFalse;
+ }
 if (prec != 8) {
 error(errSyntaxError, getPos(), "Bad DCT precision {0:d}", prec);
 return gFalse; |
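Review bot: The bound `4` in the added `numComps` check is a bare literal with no comment, so a reader cannot tell that it is presumably tied to the size of the per-component tables the decoder indexes later, which lie outside this hunk. I would add a comment above the check such as `// Valid component counts are 1..4; getChar() returns EOF (-1) on a truncated stream, which the <= 0 test also rejects.`, or compare against a named constant shared with those tables if one exists. The body of `readProgressiveSOF` starts and ends outside the hunk, so it is worth confirming that any sibling start-of-frame reader that fills `numComps` from the stream applies the same guard, and that `width` and `height` from `read16()` are validated before they size any allocation.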