Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
poppler.23803
CVE-2017-1000456.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-1000456.patch of Package poppler.23803
From 7ee9dadef37b20bca707a6b1e858e17d191e368b Mon Sep 17 00:00:00 2001 From: Jason Crain <jason@inspiresomeone.us> Date: Thu, 5 Oct 2017 15:32:13 -0500 Subject: TextOutputDev: Fix crash in fuzzed file This file crashes pdftotext because it positions texts past INT_MIN, leading to overflow in subsequent calculations. Bug #103116 --- poppler/TextOutputDev.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) Index: poppler-0.43.0/poppler/TextOutputDev.cc =================================================================== --- poppler-0.43.0.orig/poppler/TextOutputDev.cc 2018-06-06 09:17:48.943044591 +0000 +++ poppler-0.43.0/poppler/TextOutputDev.cc 2018-06-06 09:18:00.840260159 +0000 @@ -889,11 +889,11 @@ void TextPool::addWord(TextWord *word) { TextWord *w0, *w1; // expand the array if needed - if (unlikely((word->base / textPoolStep) > INT_MAX)) { - error(errSyntaxWarning, -1, "word->base / textPoolStep > INT_MAX"); + wordBaseIdx = (int)(word->base / textPoolStep); + if (unlikely(wordBaseIdx <= INT_MIN + 128 || wordBaseIdx >= INT_MAX - 128)) { + error(errSyntaxWarning, -1, "wordBaseIdx out of range"); return; } - wordBaseIdx = (int)(word->base / textPoolStep); if (minBaseIdx > maxBaseIdx) { minBaseIdx = wordBaseIdx - 128; maxBaseIdx = wordBaseIdx + 128;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor