app-text/xpdf: Backport fix for CVE-2022-38171
diff --git a/app-text/xpdf/files/xpdf-cve-2022-38171.patch b/app-text/xpdf/files/xpdf-cve-2022-38171.patch
new file mode 100644 (file)
index 0000000..9c027f5
--- /dev/null
@@ -0,0 +1,20 @@
+diff --git a/xpdf/JBIG2Stream.cc b/xpdf/JBIG2Stream.cc
+index 8588931..00c8950 100644
+--- a/xpdf/JBIG2Stream.cc
++++ b/xpdf/JBIG2Stream.cc
+@@ -1977,7 +1977,14 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm,
+   for (i = 0; i < nRefSegs; ++i) {
+     if ((seg = findSegment(refSegs[i]))) {
+       if (seg->getType() == jbig2SegSymbolDict) {
+-      numSyms += ((JBIG2SymbolDict *)seg)->getSize();
++      Guint segSize = ((JBIG2SymbolDict *)seg)->getSize();
++      if (segSize > INT_MAX || numSyms > INT_MAX - segSize) {
++        error(errSyntaxError, getPos(),
++              "Too many symbols in JBIG2 text region");
++        delete codeTables;
++        return;
++      }
++      numSyms += segSize;
+       } else if (seg->getType() == jbig2SegCodeTable) {
+       codeTables->append(seg);
+       }
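Review bot: The new guard `if (segSize > INT_MAX || numSyms > INT_MAX - segSize)` relies on `INT_MAX`, but the backported patch adds no `#include <limits.h>`, so confirm that the targeted version of JBIG2Stream.cc already includes it; if it does not, the build will fail. The error path frees only `codeTables`, which looks right if nothing else is allocated before this loop, but readTextRegionSeg starts and ends outside the hunk, so that cannot be checked from here. The patch file also begins directly at `diff --git` with no header, so a later maintainer cannot tell where the fix came from or when it can be dropped. I would add a short comment above the diff, for example `# Backport of the upstream fix for CVE-2022-38171 (overflow when summing numSyms); source: <UPSTREAM_RELEASE_OR_COMMIT>`.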