1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
From 81044c64b9ed9a10ae82a28bac753060bdfdac74 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 15 Mar 2022 15:14:32 +0100
Subject: [PATCH] Hints::readTables: bail out if we run out of file when
reading
Fixes #1230
Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74
Conflict:NA
---
poppler/Hints.cc | 28 +++++++++++++++++++++-------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/poppler/Hints.cc b/poppler/Hints.cc
index 03e0f7e..90b8dee 100644
--- a/poppler/Hints.cc
+++ b/poppler/Hints.cc
@@ -5,7 +5,7 @@
// This file is licensed under the GPLv2 or later
//
// Copyright 2010, 2012 Hib Eris <hib@hiberis.nl>
-// Copyright 2010, 2011, 2013, 2014, 2016-2019 Albert Astals Cid <aacid@kde.org>
+// Copyright 2010, 2011, 2013, 2014, 2016-2019, 2021, 2022 Albert Astals Cid <aacid@kde.org>
// Copyright 2010, 2013 Pino Toscano <pino@kde.org>
// Copyright 2013 Adrian Johnson <ajohnson@redneon.com>
// Copyright 2014 Fabio D'Urso <fabiodurso@hotmail.it>
@@ -195,17 +195,31 @@ void Hints::readTables(BaseStream *str, Linearization *linearization, XRef *xref
char *p = &buf[0];
if (hintsOffset && hintsLength) {
- Stream *s = str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull));
+ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull)));
s->reset();
- for (unsigned int i=0; i < hintsLength; i++) { *p++ = s->getChar(); }
- delete s;
+ for (unsigned int i=0; i < hintsLength; i++) {
+ const int c = s->getChar();
+ if (unlikely(c == EOF)) {
+ error(errSyntaxWarning, -1, "Found EOF while reading hints");
+ ok = false;
+ return;
+ }
+ *p++ = c;
+ }
}
if (hintsOffset2 && hintsLength2) {
- Stream *s = str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull));
+ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull)));
s->reset();
- for (unsigned int i=0; i < hintsLength2; i++) { *p++ = s->getChar(); }
- delete s;
+ for (unsigned int i=0; i < hintsLength2; i++) {
+ const int c = s->getChar();
+ if (unlikely(c == EOF)) {
+ error(errSyntaxWarning, -1, "Found EOF while reading hints2");
+ ok = false;
+ return;
+ }
+ *p++ = c;
+ }
}
MemStream *memStream = new MemStream (&buf[0], 0, bufLength, Object(objNull));
--
2.27.0
|
