File poppler-CVE-2024-56378.patch of Package poppler.40038

Index: poppler-0.43.0/poppler/JBIG2Stream.cc
===================================================================
--- poppler-0.43.0.orig/poppler/JBIG2Stream.cc
+++ poppler-0.43.0/poppler/JBIG2Stream.cc
@@ -847,7 +847,7 @@ void JBIG2Bitmap::duplicateRow(int yDest
 
 void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
 			  Guint combOp) {
-  int x0, x1, y0, y1, xx, yy;
+  int x0, x1, y0, y1, xx, yy, yyy;
   Guchar *srcPtr, *destPtr;
   Guint src0, src1, src, dest, s1, s2, m1, m2, m3;
   GBool oneByte;
@@ -893,13 +893,16 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
 
   for (yy = y0; yy < y1; ++yy) {
 
-    if (unlikely((y + yy >= h) || (y + yy < 0)))
+    if (unlikely(checkedAdd(y, yy, &yyy))) {
+            continue;
+        }
+        if (unlikely((yyy >= h) || (yyy < 0)))
        continue;
 
     // one byte per line -- need to mask both left and right side
     if (oneByte) {
       if (x >= 0) {
-	destPtr = data + (y + yy) * line + (x >> 3);
+	destPtr = data + yyy * line + (x >> 3);
 	srcPtr = bitmap->data + yy * bitmap->line;
 	dest = *destPtr;
 	src1 = *srcPtr;
@@ -922,7 +925,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
 	}
 	*destPtr = dest;
       } else {
-	destPtr = data + (y + yy) * line;
+	destPtr = data + yyy * line;
 	srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
 	dest = *destPtr;
 	src1 = *srcPtr;
@@ -952,7 +955,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
 
       // left-most byte
       if (x >= 0) {
-	destPtr = data + (y + yy) * line + (x >> 3);
+	destPtr = data + yyy * line + (x >> 3);
 	srcPtr = bitmap->data + yy * bitmap->line;
 	src1 = *srcPtr++;
 	dest = *destPtr;
@@ -976,7 +979,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
 	*destPtr++ = dest;
 	xx = x0 + 8;
       } else {
-	destPtr = data + (y + yy) * line;
+	destPtr = data + yyy * line;
 	srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
 	src1 = *srcPtr++;
 	xx = x0;