XCAppCollection
/
XCVMKit-OS


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445
							From e5cc11e0b5b867f4705fd28ff1b981c1224be1cd Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 17 May 2023 22:42:05 +0200
Subject: [PATCH] OutlineItem::open: Fix crash on malformed files

Fixes #1399

Upstream: https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe
[Thomas: backported to fix CVE-2023-34872]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 poppler/Outline.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/poppler/Outline.cc b/poppler/Outline.cc
index cbb6cb49..4c68be99 100644
--- a/poppler/Outline.cc
+++ b/poppler/Outline.cc
@@ -14,7 +14,7 @@
 // under GPL version 2 or later
 //
 // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com>
-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org>
 // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com>
 // Copyright (C) 2016 Jason Crain <jason@aquaticape.us>
 // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com>
@@ -483,8 +483,12 @@ void OutlineItem::open()
 {
     if (!kids) {
         Object itemDict = xref->fetch(ref);
-        const Object &firstRef = itemDict.dictLookupNF("First");
-        kids = readItemList(this, &firstRef, xref, doc);
+        if (itemDict.isDict()) {
+            const Object &firstRef = itemDict.dictLookupNF("First");
+            kids = readItemList(this, &firstRef, xref, doc);
+        } else {
+            kids = new std::vector<OutlineItem *>();
+        }
     }
 }
 
-- 
2.41.0