Overview

File poppler-fofi-buffer-overflow.patch of Package poppler

Index: poppler-0.12.0/fofi/FoFiType1.cc
===================================================================
--- poppler-0.12.0.orig/fofi/FoFiType1.cc
+++ poppler-0.12.0/fofi/FoFiType1.cc
@@ -220,7 +220,7 @@ void FoFiType1::parse() {
       for (j = 0, line = getNextLine(line);
 	   j < 300 && line && (line1 = getNextLine(line));
 	   ++j, line = line1) {
-	if ((n = line1 - line) > 255) {
+	if ((n = line1 - line) > 255 || n < 0) {
 	  error(-1, "FoFiType1::parse a line has more than 255 characters, we don't support this");
 	  n = 255;
 	}
openSUSE Build Service is sponsored by
Places