diff options
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/poppler/0.61-CVE-2019-9959.patch')
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/poppler/0.61-CVE-2019-9959.patch | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/poppler/0.61-CVE-2019-9959.patch b/nixpkgs/pkgs/development/libraries/poppler/0.61-CVE-2019-9959.patch new file mode 100644 index 000000000000..5c2af7a2adc2 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/poppler/0.61-CVE-2019-9959.patch @@ -0,0 +1,20 @@ +diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc +--- a/poppler/JPEG2000Stream.cc ++++ b/poppler/JPEG2000Stream.cc +@@ -201,7 +201,7 @@ void JPXStream::init() + if (getDict()) smaskInData = getDict()->lookup("SMaskInData"); + + int bufSize = BUFFER_INITIAL_SIZE; +- if (oLen.isInt()) bufSize = oLen.getInt(); ++ if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt(); + + if (cspace.isArray() && cspace.arrayGetLength() > 0) { + +@@ -365,7 +365,7 @@ void JPXStream::init() + } + + int bufSize = BUFFER_INITIAL_SIZE; +- if (oLen.isInt()) bufSize = oLen.getInt(); ++ if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt(); + + if (cspace.isArray() && cspace.arrayGetLength() > 0) { |