summary refs log tree commit diff
path: root/gnu/packages/patches/mupdf-CVE-2017-15587.patch
blob: 5da7737ea15f4b8be08c4af39c2304117b7740a0 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Fix CVE-2017-15587.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587
https://nandynarwhals.org/CVE-2017-15587/

Copied from upstream:
<https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8>

diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c
index 66bd0ed..6292793 100644
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz
 	pdf_xref_entry *table;
 	int i, n;
 
-	if (i0 < 0 || i1 < 0)
+	if (i0 < 0 || i1 < 0 || (i0+i1) < 0)
 		fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
 	//if (i0 + i1 > pdf_xref_len(ctx, doc))
 	//	fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");