File CVE-2018-16646.patch of Package poppler

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-16646.patch of Package poppler

From 3d35d209c19c1d3b09b794a0c863ba5de44a9c0a Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Mon, 29 Oct 2018 17:44:47 +0100
Subject: [PATCH] Avoid cycles in PDF parsing

Mark objects being processed in Parser::makeStream() as being processed
and check the mark when entering this method to avoid processing
of the same object recursively.
---
 poppler/Parser.cc | 15 +++++++++++++++
 poppler/XRef.h    |  1 +
 2 files changed, 16 insertions(+)

diff --git a/poppler/Parser.cc b/poppler/Parser.cc
index bd4845ab..8f48efbe 100644
--- a/poppler/Parser.cc
+++ b/poppler/Parser.cc
@@ -197,6 +197,18 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,
   Stream *str;
   Goffset length;
   Goffset pos, endPos;
+  XRefEntry *entry;
+
+  if (xref && (entry = xref->getEntry(objNum, false))) {
+    if (!entry->getFlag(XRefEntry::Parsing) ||
+        (objNum == 0 && objGen == 0)) {
+      entry->setFlag(XRefEntry::Parsing, true);
+    } else {
+      error(errSyntaxError, getPos(),
+            "Object '{0:d} {1:d} obj' is being already parsed", objNum, objGen);
+      return nullptr;
+    }
+  }
 
   // get stream start position
   lexer->skipToNextLine();
@@ -278,6 +290,9 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey,
   // get filters
   str = str->addFilters(str->getDict(), recursion);
 
+  if (entry)
+    entry->setFlag(XRefEntry::Parsing, false);
+
   return str;
 }
 
diff --git a/poppler/XRef.h b/poppler/XRef.h
index 11ee5e03..2eb2f9fd 100644
--- a/poppler/XRef.h
+++ b/poppler/XRef.h
@@ -65,6 +65,7 @@ struct XRefEntry {
   enum Flag {
     // Regular flags
     Updated,     // Entry was modified
+    Parsing,     // Entry is currently being parsed
 
     // Special flags -- available only after xref->scanSpecialFlags() is run
     Unencrypted, // Entry is stored in unencrypted form (meaningless in unencrypted documents)
-- 
2.18.1

Places

File CVE-2018-16646.patch of Package poppler

Places