fix for CVE-2017-15587

author: valoq 2017-10-28 18:02:55 +0200
committer: valoq 2017-10-28 18:02:55 +0200
commit: 55c3a44b3a7d2caa929dc2d49d48ff735f9334e5 (patch)
tree: f84c4bdb5cfba892c71b4442c133f0fb6c82b079 /CVE-2017-15587.patch
parent: 9e336b6fc042fd93773834e01e5d26ae6fb49733 (diff)
download: aur-mupdf-seccomp.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/CVE-2017-15587.patch b/CVE-2017-15587.patch
new file mode 100644
index 000000000000..b5f3c2fded17
--- /dev/null
+++ b/CVE-2017-15587.patch
@@ -0,0 +1,11 @@
+--- a/source/pdf/pdf-xref.c
++++ b/source/pdf/pdf-xref.c
+@@ -918,7 +918,7 @@
+ 	pdf_xref_entry *table;
+ 	int i, n;
+ 
+-	if (i0 < 0 || i1 < 0)
++	if (i0 < 0 || i1 < 0 || (i0+i1) < 0)
+ 		fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
+ 	//if (i0 + i1 > pdf_xref_len(ctx, doc))
+ 	//	fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");
author	valoq	2017-10-28 18:02:55 +0200
committer	valoq	2017-10-28 18:02:55 +0200
commit	55c3a44b3a7d2caa929dc2d49d48ff735f9334e5 (patch)
tree	f84c4bdb5cfba892c71b4442c133f0fb6c82b079 /CVE-2017-15587.patch
parent	9e336b6fc042fd93773834e01e5d26ae6fb49733 (diff)
download	aur-mupdf-seccomp.tar.gz