Overview

File CVE-2017-5627.patch of Package mupdf

X-Git-Url: http://git.ghostscript.com/?p=mujs.git;a=blobdiff_plain;f=jsrun.c;h=ca7d5ad46ba2414f075280ee94121a88f0bcfde6;hp=782a6f9caa62d510377397b0c63c1407e70f6c95;hb=4006739a28367c708dea19aeb19b8a1a9326ce08;hpb=8f62ea10a0af68e56d5c00720523ebcba13c2e6a

diff --git a/jsrun.c b/jsrun.c
index 782a6f9..ca7d5ad 100644
--- a/jsrun.c
+++ b/jsrun.c
@@ -544,7 +544,7 @@ static void jsR_setproperty(js_State *J, js_Object *obj, const char *name)
 		if (!strcmp(name, "length")) {
 			double rawlen = jsV_tonumber(J, value);
 			int newlen = jsV_numbertointeger(rawlen);
-			if (newlen != rawlen)
+			if (newlen != rawlen || newlen < 0)
 				js_rangeerror(J, "array length");
 			jsV_resizearray(J, obj, newlen);
 			return;
openSUSE Build Service is sponsored by
Places