File xpdf-CVE-2007-5392.patch of Package pdftohtml

Index: xpdf/Stream.cc
===================================================================
--- xpdf/Stream.cc.orig
+++ xpdf/Stream.cc
@@ -1904,6 +1904,12 @@
     // allocate a buffer for the whole image
     bufWidth = ((width + mcuWidth - 1) / mcuWidth) * mcuWidth;
     bufHeight = ((height + mcuHeight - 1) / mcuHeight) * mcuHeight;
+	if (bufWidth <= 0 || bufHeight <= 0 ||
+		bufWidth > INT_MAX / bufWidth / (int)sizeof(int)) {
+      	error(getPos(), "Invalid image size in DCT stream");
+      	y = height;
+      	return;
+    }
     for (i = 0; i < numComps; ++i) {
       frameBuf[i] = (int *)gmalloc(bufWidth * bufHeight * sizeof(int));
       memset(frameBuf[i], 0, bufWidth * bufHeight * sizeof(int));
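Review bot: The overflow guard in the added condition divides `INT_MAX` by `bufWidth` and then compares the result with `bufWidth` again, so `bufHeight` is never bounded against the product. A narrow but very tall image therefore still passes the check, and `bufWidth * bufHeight * sizeof(int)` in the `gmalloc` and `memset` calls just below can overflow (assuming both are `int`, as the `INT_MAX` bound suggests), leaving an undersized buffer. The second line of the condition should read `bufHeight > INT_MAX / bufWidth / (int)sizeof(int)) {`. The rounding `(width + mcuWidth - 1)` on the context lines above is also computed before any range check, so `width` and `height` should be validated earlier unless that already happens in the part of the function outside this hunk.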