Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
poppler-qt5.31254
CVE-2018-16646.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-16646.patch of Package poppler-qt5.31254
From 3d35d209c19c1d3b09b794a0c863ba5de44a9c0a Mon Sep 17 00:00:00 2001 From: Marek Kasik <mkasik@redhat.com> Date: Mon, 29 Oct 2018 17:44:47 +0100 Subject: [PATCH] Avoid cycles in PDF parsing Mark objects being processed in Parser::makeStream() as being processed and check the mark when entering this method to avoid processing of the same object recursively. --- poppler/Parser.cc | 15 +++++++++++++++ poppler/XRef.h | 1 + 2 files changed, 16 insertions(+) diff --git a/poppler/Parser.cc b/poppler/Parser.cc index bd4845ab..8f48efbe 100644 --- a/poppler/Parser.cc +++ b/poppler/Parser.cc @@ -197,6 +197,18 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey, Stream *str; Goffset length; Goffset pos, endPos; + XRefEntry *entry; + + if (xref && (entry = xref->getEntry(objNum, false))) { + if (!entry->getFlag(XRefEntry::Parsing) || + (objNum == 0 && objGen == 0)) { + entry->setFlag(XRefEntry::Parsing, true); + } else { + error(errSyntaxError, getPos(), + "Object '{0:d} {1:d} obj' is being already parsed", objNum, objGen); + return nullptr; + } + } // get stream start position lexer->skipToNextLine(); @@ -278,6 +290,9 @@ Stream *Parser::makeStream(Object &&dict, Guchar *fileKey, // get filters str = str->addFilters(str->getDict(), recursion); + if (entry) + entry->setFlag(XRefEntry::Parsing, false); + return str; } diff --git a/poppler/XRef.h b/poppler/XRef.h index 11ee5e03..2eb2f9fd 100644 --- a/poppler/XRef.h +++ b/poppler/XRef.h @@ -65,6 +65,7 @@ struct XRefEntry { enum Flag { // Regular flags Updated, // Entry was modified + Parsing, // Entry is currently being parsed // Special flags -- available only after xref->scanSpecialFlags() is run Unencrypted, // Entry is stored in unencrypted form (meaningless in unencrypted documents) -- 2.18.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
