Overview

File poppler-CVE-2023-34872.patch of Package poppler.38203

From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 17 May 2023 22:42:05 +0200
Subject: [PATCH] OutlineItem::open: Fix crash on malformed files

Fixes #1399
---
 poppler/Outline.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/poppler/Outline.cc b/poppler/Outline.cc
index cbb6cb498..4c68be990 100644
--- a/poppler/Outline.cc
+++ b/poppler/Outline.cc
@@ -483,8 +483,12 @@ void OutlineItem::open()
 {
     if (!kids) {
         Object itemDict = xref->fetch(ref);
-        const Object &firstRef = itemDict.dictLookupNF("First");
-        kids = readItemList(this, &firstRef, xref, doc);
+        if (itemDict.isDict()) {
+            const Object &firstRef = itemDict.dictLookupNF("First");
+            kids = readItemList(this, &firstRef, xref, doc);
+        } else {
+            kids = new std::vector<OutlineItem *>();
+        }
     }
 }
 
-- 
GitLab
openSUSE Build Service is sponsored by
Places