summarylogtreecommitdiffstats
path: root/CVE-2017-15587.patch
blob: b5f3c2fded174e1429d160b56f433d47f9452fc3 (plain)
1
2
3
4
5
6
7
8
9
10
11
--- a/source/pdf/pdf-xref.c
+++ b/source/pdf/pdf-xref.c
@@ -918,7 +918,7 @@
 	pdf_xref_entry *table;
 	int i, n;
 
-	if (i0 < 0 || i1 < 0)
+	if (i0 < 0 || i1 < 0 || (i0+i1) < 0)
 		fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index");
 	//if (i0 + i1 > pdf_xref_len(ctx, doc))
 	//	fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries");