Sophie

poppler-0.26.5-2.9.mga5.src.rpm

Backport of:

From 75c84350958d67cc15d12d3dbc858b257971e399 Mon Sep 17 00:00:00 2001
From: Jason Crain <jason@inspiresomeone.us>
Date: Thu, 5 Oct 2017 15:32:13 -0500
Subject: [PATCH] Fix crash in fuzzed file

This file crashes pdftotext because it positions texts past INT_MIN,
leading to overflow in subsequent calculations.

Bug #103116
diff --git a/poppler/TextOutputDev.cc b/poppler/TextOutputDev.cc
index 4adb3c2..d6ce0a0 100644
--- a/poppler/TextOutputDev.cc
+++ b/poppler/TextOutputDev.cc
@@ -623,6 +623,10 @@ void TextPool::addWord(TextWord *word) {
 
   // expand the array if needed
   wordBaseIdx = (int)(word->base / textPoolStep);
+  if (unlikely(wordBaseIdx <= INT_MIN + 128 || wordBaseIdx >= INT_MAX - 128)) {
+      error(errSyntaxWarning, -1, "wordBaseIdx out of range");
+       return;
+  }
   if (minBaseIdx > maxBaseIdx) {
     minBaseIdx = wordBaseIdx - 128;
     maxBaseIdx = wordBaseIdx + 128;
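
Review bot: the new range check in TextPool::addWord runs after `wordBaseIdx = (int)(word->base / textPoolStep);`, so it tests a value that has already been narrowed to int. If the quotient is a floating-point value outside the int range, as the explicit cast suggests, that conversion is undefined behaviour in C++ and the result need not land near INT_MIN or INT_MAX, so the guard can be skipped. Compare the unconverted quotient against the INT_MIN + 128 and INT_MAX - 128 bounds first and cast only once it is known to fit. Two smaller points: the early `return` leaves `word` out of the pool, so it is worth confirming that the caller still owns and frees it on this path, and the two lines inside the new `if` are indented by six and seven spaces where the surrounding code uses a two-space step.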