Overview

File poppler-CVE-2010-3704.patch of Package poppler

Index: poppler-0.12.3/fofi/FoFiType1.cc
===================================================================
--- poppler-0.12.3.orig/fofi/FoFiType1.cc
+++ poppler-0.12.3/fofi/FoFiType1.cc
@@ -13,7 +13,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2005, 2008 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2005, 2008, 2010 Albert Astals Cid <aacid@kde.org>
 // Copyright (C) 2005 Kristian Høgsberg <krh@redhat.com>
 //
 // To see a description of the changes please see the Changelog file that
@@ -33,6 +33,7 @@
 #include "FoFiEncodings.h"
 #include "FoFiType1.h"
 #include "poppler/Error.h"
+#include "poppler/Object.h"
 
 //------------------------------------------------------------------------
 // FoFiType1
@@ -241,7 +242,7 @@ void FoFiType1::parse() {
 		code = code * 8 + (*p2 - '0');
 	      }
 	    }
-	    if (code < 256) {
+	    if (likely(code < 256 && code >= 0)) {
 	      for (p = p2; *p == ' ' || *p == '\t'; ++p) ;
 	      if (*p == '/') {
 		++p;
openSUSE Build Service is sponsored by
Places