File poppler-CVE-2020-23804.patch of Package poppler.31252
Index: poppler-0.79.0/poppler/XRef.cc
===================================================================
--- poppler-0.79.0.orig/poppler/XRef.cc
+++ poppler-0.79.0/poppler/XRef.cc
@@ -634,6 +634,12 @@ bool XRef::readXRefTable(Parser *parser,
ok = false;
}
}
+ // Arbitrary limit because otherwise we exhaust the stack
+ // calling readXRef + readXRefTable
+ if (followedXRefStm->size() > 4096) {
+ error(errSyntaxError, -1, "File has more than 4096 XRefStm, aborting");
+ ok = false;
+ }
if (ok) {
followedXRefStm->push_back(pos2);
readXRef(&pos2, followedXRefStm, xrefStreamObjsNum);