26 lines
915 B
Diff
26 lines
915 B
Diff
Fix CVE-2017-15587.
|
|
|
|
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
|
|
https://nandynarwhals.org/CVE-2017-15587/
|
|
|
|
This patch is these two upstream commits squashed together:
|
|
<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>
|
|
<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232>
|
|
|
|
diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
|
|
index 66bd0ed8..89499e61 100644
|
|
--- a/source/pdf/pdf-xref.c
|
|
+++ b/source/pdf/pdf-xref.c
|
|
@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
|
|
pdf_xref_entry *table;
|
|
int i, n;
|
|
|
|
- if (i0 < 0 || i1 < 0)
|
|
+ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1)
|
|
fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
|
|
//if (i0 + i1 > pdf_xref_len(ctx, doc))
|
|
// fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
|
|
--
|
|
2.15.0
|
|
|