Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
poppler-qt5.30684
CVE-2017-18267.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-18267.patch of Package poppler-qt5.30684
From 60b4fe65bc9dc9b82bbadf0be2e3781be796a13d Mon Sep 17 00:00:00 2001 From: Albert Astals Cid <aacid@kde.org> Date: Tue, 1 May 2018 02:46:17 +0200 Subject: FoFiType1C::cvtGlyph: Fix infinite recursion on malformed documents Bugs #104942, #103238 --- fofi/FoFiType1C.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fofi/FoFiType1C.cc b/fofi/FoFiType1C.cc index 03e77993..b14561ff 100644 --- a/fofi/FoFiType1C.cc +++ b/fofi/FoFiType1C.cc @@ -13,7 +13,7 @@ // All changes made under the Poppler project to this file are licensed // under GPL version 2 or later // -// Copyright (C) 2009, 2010, 2017 Albert Astals Cid <aacid@kde.org> +// Copyright (C) 2009, 2010, 2017, 2018 Albert Astals Cid <aacid@kde.org> // Copyright (C) 2012 Thomas Freitag <Thomas.Freitag@alfa.de> // // To see a description of the changes please see the Changelog file that @@ -32,6 +32,7 @@ #include <math.h> #include "goo/gmem.h" #include "goo/gstrtod.h" +#include "goo/GooLikely.h" #include "goo/GooString.h" #include "poppler/Error.h" #include "FoFiEncodings.h" @@ -1361,7 +1362,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, --nOps; ok = gTrue; getIndexVal(subrIdx, k, &val, &ok); - if (ok) { + if (likely(ok && val.pos != offset)) { cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, gFalse); } } else { @@ -1596,7 +1597,7 @@ void FoFiType1C::cvtGlyph(int offset, int nBytes, GooString *charBuf, --nOps; ok = gTrue; getIndexVal(&gsubrIdx, k, &val, &ok); - if (ok) { + if (likely(ok && val.pos != offset)) { cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, gFalse); } } else { -- cgit v1.2.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor