File CVE-2019-9959.patch of Package poppler.30206

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-9959.patch of Package poppler.30206

From 68ef84e5968a4249c2162b839ca6d7975048a557 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Mon, 15 Jul 2019 23:24:22 +0200
Subject: [PATCH] JPXStream::init: ignore dict Length if clearly broken

Fixes issue #805
---
 poppler/JPEG2000Stream.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: poppler-0.43.0/poppler/JPEG2000Stream.cc
===================================================================
--- poppler-0.43.0.orig/poppler/JPEG2000Stream.cc
+++ poppler-0.43.0/poppler/JPEG2000Stream.cc
@@ -201,7 +201,7 @@ void JPXStream::init()
   if (getDict()) getDict()->lookup("SMaskInData", &smaskInData);
 
   int bufSize = BUFFER_INITIAL_SIZE;
-  if (oLen.isInt()) bufSize = oLen.getInt();
+  if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt();
   oLen.free();
 
   if (cspace.isArray() && cspace.arrayGetLength() > 0) {
@@ -368,7 +368,7 @@ void JPXStream::init()
   if (getDict()) getDict()->lookup("SMaskInData", &smaskInData);
 
   int bufSize = BUFFER_INITIAL_SIZE;
-  if (oLen.isInt()) bufSize = oLen.getInt();
+  if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt();
   oLen.free();
 
   if (cspace.isArray() && cspace.arrayGetLength() > 0) {

Places

File CVE-2019-9959.patch of Package poppler.30206

Places