Overview

File 0013-Fix-CVE-2017-6847-NULL-pointer-dereference-when-reading-XObject-without-BBox.patch of Package podofo

Subject: Fix CVE-2017-6847: NULL pointer dereference when reading XObject without BBox
Url: https://sourceforge.net/p/podofo/code/1846/

--- a/podofo/trunk/src/doc/PdfXObject.cpp
+++ b/podofo/trunk/src/doc/PdfXObject.cpp
@@ -261,8 +261,10 @@
     
     m_pResources = pObject->GetIndirectKey( "Resources" );
     m_Identifier = PdfName( out.str().c_str() );
-    m_rRect      = PdfRect( this->GetObject()->GetIndirectKey( "BBox" )->GetArray() );
-    m_Reference  = this->GetObject()->Reference();
+    m_Reference  = this->GetObject()->Reference();
+
+    if( this->GetObject()->GetIndirectKey( "BBox" ) )
+        m_rRect = PdfRect( this->GetObject()->GetIndirectKey( "BBox" )->GetArray() );
 }
 
 void PdfXObject::InitXObject( const PdfRect & rRect, const char* pszPrefix )
openSUSE Build Service is sponsored by
Places