Overview

File CVE-2022-38784.patch of Package poppler.31255

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 662276e547eb223b1c525057ada2e06dea925b7c..9f70431de49e7acbebc540104da8699eda20acc8 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -1976,7 +1976,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless
     for (i = 0; i < nRefSegs; ++i) {
         if ((seg = findSegment(refSegs[i]))) {
             if (seg->getType() == jbig2SegSymbolDict) {
-                numSyms += ((JBIG2SymbolDict *)seg)->getSize();
+                const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
+                if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
+                    error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
+                    return;
+                }
             } else if (seg->getType() == jbig2SegCodeTable) {
                 codeTables.push_back(seg);
             }
openSUSE Build Service is sponsored by
Places