[prev in list] [next in list] [prev in thread] [next in thread]
List: freedesktop-poppler
Subject: [poppler] poppler/ImageEmbeddingUtils.cc
From: GitLab Mirror <gitlab-mirror () kemper ! freedesktop ! org>
Date: 2022-04-01 22:20:10
Message-ID: 20220401222010.42876760BC () kemper ! freedesktop ! org
[Download RAW message or body]
poppler/ImageEmbeddingUtils.cc | 13 ++++++++++---
1 file changed, 10 insertions(+), 3 deletions(-)
New commits:
commit eecd243425f51b2fecc8e58cccb4c183e3181976
Author: Albert Astals Cid <aacid@kde.org>
Date: Sat Apr 2 00:16:58 2022 +0200
protect against big files
diff --git a/poppler/ImageEmbeddingUtils.cc b/poppler/ImageEmbeddingUtils.cc
index 723c7dc0..873a7d51 100644
--- a/poppler/ImageEmbeddingUtils.cc
+++ b/poppler/ImageEmbeddingUtils.cc
@@ -3,7 +3,7 @@
// ImageEmbeddingUtils.cc
//
// Copyright (C) 2021 Georgiy Sgibnev <georgiy@sgibnev.com>. Work sponsored by \
lab50.net.
-// Copyright (C) 2021 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2021, 2022 Albert Astals Cid <aacid@kde.org>
// Copyright (C) 2021 Marco Genasci <fedeliallalinea@gmail.com>
//
// This file is licensed under the GPLv2 or later
@@ -339,7 +339,9 @@ public:
}
jpeg_create_decompress(&info);
- jpeg_mem_src(&info, fileContent.get(), fileSize);
+ // fileSize is guaranteed to be in the range 0..int max by the checks in \
embed() + // jpeg_mem_src takes an unsigned long in the 3rd parameter
+ jpeg_mem_src(&info, fileContent.get(), static_cast<unsigned \
long>(fileSize)); jpeg_read_header(&info, TRUE);
jpeg_start_decompress(&info);
auto result = std::unique_ptr<ImageEmbedder>(new \
JpegEmbedder(info.output_width, info.output_height, std::move(fileContent), \
fileSize)); @@ -369,8 +371,13 @@ Ref embed(XRef *xref, const GooFile &imageFile)
error(errIO, -1, "Image file size could not be calculated");
return Ref::INVALID();
}
+ // GooFile::read only takes an integer so for now we don't support huge images
+ if (fileSize > std::numeric_limits<int>::max()) {
+ error(errIO, -1, "file size too big");
+ return Ref::INVALID();
+ }
std::unique_ptr<uint8_t[]> fileContent = std::make_unique<uint8_t[]>(fileSize);
- const Goffset bytesRead = imageFile.read((char *)fileContent.get(), fileSize, \
0); + const int bytesRead = imageFile.read((char *)fileContent.get(), fileSize, \
0); if ((bytesRead != fileSize) || (fileSize < MAX_MAGIC_NUM_SIZE)) {
error(errIO, -1, "Couldn't load the image file");
return Ref::INVALID();
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic