Fix infinite loop in JBIG2Decoder

Bug 23025 Also fixes problems in bug-poppler6881-2.pdf and bug-poppler6500.pdf
author: David Benjamin <davidben@mit.edu> 2009-09-09 01:19:38 +0200
committer: Albert Astals Cid <aacid@kde.org> 2009-09-09 01:21:49 +0200
commit: e950107006a3b1889646d3705323c1b3d41eaa49 (patch)
tree: b9c5b4c4f06ebd8d18481f23dfc1dfef5360b4e3 /poppler/JBIG2Stream.cc
parent: 1cb25a4adaaf3e2da50724312a3db6928991f425 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index fec0e2d8..97994bd2 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -1587,12 +1587,15 @@ GBool JBIG2Stream::readSymbolDictSeg(Guint segNum, Guint length,
     goto eofError;
   }
 
-  // compute symbol code length
+  // compute symbol code length, per 6.5.8.2.3
+  //  symCodeLen = ceil( log2( numInputSyms + numNewSyms ) )
   symCodeLen = 1;
-  i = (numInputSyms + numNewSyms) >> 1;
-  while (i) {
-    ++symCodeLen;
-    i >>= 1;
+  if (likely(numInputSyms + numNewSyms > 0)) { // don't fail too badly if the sum is 0
+    i = (numInputSyms + numNewSyms - 1) >> 1;
+    while (i) {
+      ++symCodeLen;
+      i >>= 1;
+    }
   }
 
   // get the input symbol bitmaps
author	David Benjamin <davidben@mit.edu>	2009-09-09 01:19:38 +0200
committer	Albert Astals Cid <aacid@kde.org>	2009-09-09 01:21:49 +0200
commit	e950107006a3b1889646d3705323c1b3d41eaa49 (patch)
tree	b9c5b4c4f06ebd8d18481f23dfc1dfef5360b4e3 /poppler/JBIG2Stream.cc
parent	1cb25a4adaaf3e2da50724312a3db6928991f425 (diff)