Diffstat (limited to 'backport-CVE-2020-23804.patch')
-rw-r--r-- | backport-CVE-2020-23804.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/backport-CVE-2020-23804.patch b/backport-CVE-2020-23804.patch
deleted file mode 100644
index 7f2262c..0000000
--- a/backport-CVE-2020-23804.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From ec8a43c8df29fdd6f1228276160898ccd9401c92 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Sat, 4 Jul 2020 00:08:55 +0200
-Subject: [PATCH] Fix stack overflow with specially crafted files
-
-The file is not malformed per se, it just has a huge XRefStm chain
-and we end up exhausting the stack space trying to parse them all.
-
-Having more than 4096 XRefStm seems like won't really happen on real
-life so break the flow at that point
-
-Fixes #936
-
----
- poppler/XRef.cc | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/poppler/XRef.cc b/poppler/XRef.cc
-index 5943bdd..fe8936e 100644
---- a/poppler/XRef.cc
-+++ b/poppler/XRef.cc
-@@ -633,6 +633,12 @@ bool XRef::readXRefTable(Parser *parser, Goffset *pos, std::vector<Goffset> *fol
- ok = false;
- }
- }
-+ // Arbitrary limit because otherwise we exhaust the stack
-+ // calling readXRef + readXRefTable
-+ if (followedXRefStm->size() > 4096) {
-+ error(errSyntaxError, -1, "File has more than 4096 XRefStm, aborting");
-+ ok = false;
-+ }
- if (ok) {
- followedXRefStm->push_back(pos2);
- readXRef(&pos2, followedXRefStm, xrefStreamObjsNum);
---
-2.33.0
- |