1From 591235c8b6c65a2eee88991b9ae73490fd9afdfe Mon Sep 17 00:00:00 2001 2From: Albert Astals Cid <aacid@kde.org> 3Date: Fri, 18 Aug 2023 11:36:06 +0000 4Subject: [PATCH] OutlineItem::open: Fix crash on malformed files 5 6Fixes #1399 7 8CVE: CVE-2023-34872 9 10Upstream-Status: Backport [https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe] 11 12Signed-off-by: Yogita Urade <yogita.urade@windriver.com> 13--- 14 poppler/Outline.cc | 10 +++++++--- 15 1 file changed, 7 insertions(+), 3 deletions(-) 16 17diff --git a/poppler/Outline.cc b/poppler/Outline.cc 18index cbb6cb4..4c68be9 100644 19--- a/poppler/Outline.cc 20+++ b/poppler/Outline.cc 21@@ -14,7 +14,7 @@ 22 // under GPL version 2 or later 23 // 24 // Copyright (C) 2005 Marco Pesenti Gritti <mpg@redhat.com> 25-// Copyright (C) 2008, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org> 26+// Copyright (C) 2008, 2016-2019, 2021, 2023 Albert Astals Cid <aacid@kde.org> 27 // Copyright (C) 2009 Nick Jones <nick.jones@network-box.com> 28 // Copyright (C) 2016 Jason Crain <jason@aquaticape.us> 29 // Copyright (C) 2017 Adrian Johnson <ajohnson@redneon.com> 30@@ -483,8 +483,12 @@ void OutlineItem::open() 31 { 32 if (!kids) { 33 Object itemDict = xref->fetch(ref); 34- const Object &firstRef = itemDict.dictLookupNF("First"); 35- kids = readItemList(this, &firstRef, xref, doc); 36+ if (itemDict.isDict()) { 37+ const Object &firstRef = itemDict.dictLookupNF("First"); 38+ kids = readItemList(this, &firstRef, xref, doc); 39+ } else { 40+ kids = new std::vector<OutlineItem *>(); 41+ } 42 } 43 } 44 45-- 462.35.5 47