Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.0:Staging:D
mupdf
CVE-2018-6192.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-6192.patch of Package mupdf
From 5e411a99604ff6be5db9e273ee84737204113299 Mon Sep 17 00:00:00 2001 From: Sebastian Rasmussen <sebras@gmail.com> Date: Tue, 30 Jan 2018 02:05:57 +0100 Subject: [PATCH] Bug 698916: Indirect object numbers must be in range. --- source/pdf/pdf-parse.c | 2 ++ source/pdf/pdf-xref.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) Index: mupdf-1.12.0-source/source/pdf/pdf-parse.c =================================================================== --- mupdf-1.12.0-source.orig/source/pdf/pdf-parse.c +++ mupdf-1.12.0-source/source/pdf/pdf-parse.c @@ -616,6 +616,8 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_d fz_throw(ctx, FZ_ERROR_SYNTAX, "expected object number"); } num = buf->i; + if (num < 0 || num > PDF_MAX_OBJECT_NUMBER) + fz_throw(ctx, FZ_ERROR_SYNTAX, "object number out of range"); tok = pdf_lex(ctx, file, buf); if (tok != PDF_TOK_INT) Index: mupdf-1.12.0-source/source/pdf/pdf-xref.c =================================================================== --- mupdf-1.12.0-source.orig/source/pdf/pdf-xref.c +++ mupdf-1.12.0-source/source/pdf/pdf-xref.c @@ -234,8 +234,8 @@ pdf_xref_entry *pdf_get_populating_xref_ } /* Prevent accidental heap underflow */ - if (num < 0) - fz_throw(ctx, FZ_ERROR_GENERIC, "object number must not be negative (%d)", num); + if (num < 0 || num > PDF_MAX_OBJECT_NUMBER) + fz_throw(ctx, FZ_ERROR_GENERIC, "object number out of range (%d)", num); /* Return the pointer to the entry in the last section. */ xref = &doc->xref_sections[doc->num_xref_sections-1];
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor