File CVE-2016-6265.patch of Package mupdf

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2016-6265.patch of Package mupdf

X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=source%2Fpdf%2Fpdf-xref.c;h=32225998178b7c4d465046ff5158a3796103d73d;hp=576c315de2a30cfd553652bfa82521edb07043c2;hb=fa1936405b6a84e5c9bb440912c23d532772f958;hpb=e98091d56afdf1cf6c9a017fa0bd35dd0b8968f0

diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 576c315..3222599 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -1184,8 +1184,14 @@ pdf_load_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf)
 				fz_throw(ctx, FZ_ERROR_GENERIC, "object offset out of range: %d (%d 0 R)", (int)entry->ofs, i);
 		}
 		if (entry->type == 'o')
-			if (entry->ofs <= 0 || entry->ofs >= xref_len || pdf_get_xref_entry(ctx, doc, entry->ofs)->type != 'n')
-				fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)entry->ofs, i);
+		{
+			/* Read this into a local variable here, because pdf_get_xref_entry
+			 * may solidify the xref, hence invalidating "entry", meaning we
+			 * need a stashed value for the throw. */
+			fz_off_t ofs = entry->ofs;
+			if (ofs <= 0 || ofs >= xref_len || pdf_get_xref_entry(ctx, doc, ofs)->type != 'n')
+				fz_throw(ctx, FZ_ERROR_GENERIC, "invalid reference to an objstm that does not exist: %d (%d 0 R)", (int)ofs, i);
+		}
 	}
 }

Places

File CVE-2016-6265.patch of Package mupdf

Places