File CVE-2017-18267.patch of Package poppler-qt.31743

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2017-18267.patch of Package poppler-qt.31743

From 60b4fe65bc9dc9b82bbadf0be2e3781be796a13d Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 1 May 2018 02:46:17 +0200
Subject: FoFiType1C::cvtGlyph: Fix infinite recursion on malformed documents

Bugs #104942, #103238
---
 fofi/FoFiType1C.cc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

Index: poppler-0.24.4/fofi/FoFiType1C.cc
===================================================================
--- poppler-0.24.4.orig/fofi/FoFiType1C.cc
+++ poppler-0.24.4/fofi/FoFiType1C.cc
@@ -32,6 +32,7 @@
 #include <math.h>
 #include "goo/gmem.h"
 #include "goo/gstrtod.h"
+#include "goo/GooLikely.h"
 #include "goo/GooString.h"
 #include "FoFiEncodings.h"
 #include "FoFiType1C.h"
@@ -1353,7 +1354,7 @@ void FoFiType1C::cvtGlyph(int offset, in
 	  --nOps;
 	  ok = gTrue;
 	  getIndexVal(subrIdx, k, &val, &ok);
-	  if (ok) {
+	  if (likely(ok && val.pos != offset)) {
 	    cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, gFalse);
 	  }
 	} else {
@@ -1588,7 +1589,7 @@ void FoFiType1C::cvtGlyph(int offset, in
 	  --nOps;
 	  ok = gTrue;
 	  getIndexVal(&gsubrIdx, k, &val, &ok);
-	  if (ok) {
+	  if (likely(ok && val.pos != offset)) {
 	    cvtGlyph(val.pos, val.len, charBuf, subrIdx, pDict, gFalse);
 	  }
 	} else {

Places

File CVE-2017-18267.patch of Package poppler-qt.31743

Places