Overview

File poppler-CVE-2020-36024.patch of Package poppler-qt5.31745

From 3cc28b66132e66ed2dfe13a9a285ac41ac7267d5 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 23 Dec 2020 23:27:02 +0100
Subject: [PATCH] FoFiType1C: Fix crashes with broken files

---
 fofi/FoFiType1C.cc | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

Index: poppler-0.62.0/fofi/FoFiType1C.cc
===================================================================
--- poppler-0.62.0.orig/fofi/FoFiType1C.cc
+++ poppler-0.62.0/fofi/FoFiType1C.cc
@@ -200,7 +200,6 @@ void FoFiType1C::convertToType1(char *ps
   Type1CIndexVal val;
   GooString *buf;
   char buf2[256];
-  const char **enc;
   GBool ok;
   int i;
 
@@ -312,9 +311,9 @@ void FoFiType1C::convertToType1(char *ps
     (*outputFunc)(outputStream, "256 array\n", 10);
     (*outputFunc)(outputStream,
 		  "0 1 255 {1 index exch /.notdef put} for\n", 40);
-    enc = newEncoding ? newEncoding : (const char **)encoding;
+    const char **enc = newEncoding ? newEncoding : (const char **)encoding;
     for (i = 0; i < 256; ++i) {
-      if (enc[i]) {
+      if (enc && enc[i]) {
 	buf = GooString::format("dup {0:d} /{1:s} put\n", i, enc[i]);
 	(*outputFunc)(outputStream, buf->getCString(), buf->getLength());
 	delete buf;
@@ -2020,7 +2019,7 @@ GBool FoFiType1C::parse() {
       readPrivateDict(0, 0, &privateDicts[0]);
     } else {
       getIndex(topDict.fdArrayOffset, &fdIdx, &parsedOk);
-      if (!parsedOk) {
+      if (!parsedOk || fdIdx.len <= 0) {
 	return gFalse;
       }
       nFDs = fdIdx.len;
openSUSE Build Service is sponsored by
Places