Overview

File poppler-CVE-2018-16646.patch of Package poppler.31743

Index: poppler-0.43.0/poppler/Parser.cc
===================================================================
--- poppler-0.43.0.orig/poppler/Parser.cc
+++ poppler-0.43.0/poppler/Parser.cc
@@ -202,6 +202,18 @@ Stream *Parser::makeStream(Object *dict,
   Stream *str;
   Goffset length;
   Goffset pos, endPos;
+  XRefEntry *entry;
+
+  if (xref && (entry = xref->getEntry(objNum, false))) {
+    if (!entry->getFlag(XRefEntry::Parsing) ||
+        (objNum == 0 && objGen == 0)) {
+      entry->setFlag(XRefEntry::Parsing, true);
+    } else {
+      error(errSyntaxError, getPos(),
+            "Object '{0:d} {1:d} obj' is being already parsed", objNum, objGen);
+      return NULL;
+    }
+  }
 
   // get stream start position
   lexer->skipToNextLine();
@@ -281,6 +293,9 @@ Stream *Parser::makeStream(Object *dict,
   // get filters
   str = str->addFilters(dict, recursion);
 
+  if (entry)
+    entry->setFlag(XRefEntry::Parsing, false);
+
   return str;
 }
 
Index: poppler-0.43.0/poppler/XRef.h
===================================================================
--- poppler-0.43.0.orig/poppler/XRef.h
+++ poppler-0.43.0/poppler/XRef.h
@@ -69,6 +69,7 @@ struct XRefEntry {
   enum Flag {
     // Regular flags
     Updated,     // Entry was modified
+    Parsing,     // Entry is currently being parsed
 
     // Special flags -- available only after xref->scanSpecialFlags() is run
     Unencrypted, // Entry is stored in unencrypted form (meaningless in unencrypted documents)
openSUSE Build Service is sponsored by
Places