From 09e67a32cc2c4e67b553d1ee1d16c7cf4522534c Mon Sep 17 00:00:00 2001
From: Pompolic <pompolic@special-circumstanc.es>
Date: Fri, 10 Dec 2021 05:45:38 +0100
Subject: [PATCH] Fix SIGFPE if /Colors in stream dictionary is 0

---
 pdf.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/pdf.c b/pdf.c
index 6209013..9a77286 100644
--- a/pdf.c
+++ b/pdf.c
@@ -2481,7 +2481,7 @@ init_parser(struct Env *aux)
 
 	/* streams */
 	H_RULE(stmbeg,	SEQ(dict, OPT(ws), LIT("stream"), OPT(cr),
-			    CHX(lf, VIOL(epsilon, "No linefeed after 'stream' (severity=7)"))));
+			    CHX(lf, VIOL(epsilon, "No linefeed after 'stream' (severity=7)")))); // XXX: stream dictionary could be validated here
 	H_RULE(stmend,	CHX(SEQ(eol, LIT("endstream")),
 			   VIOL(LIT("ndstream"), "Stream length >1-too-long (severity=10)"),
 			   VIOL(SEQ(h_many(wchar), LIT("endstream")),
@@ -3107,6 +3107,17 @@ FlateDecode(const Dict *parms, HBytes b, HParser *p)
 			return NULL;
 		}
 
+		if(pred.colors < 1)
+		{
+			fprintf(stderr, "FlateDecode: /Colors has an invalid value of %d\n", pred.colors);
+			return NULL;
+		}
+		if(pred.bpc != 1 || pred.bpc != 2 || pred.bpc != 4 || pred.bpc != 8)
+		{
+			fprintf(stderr, "FlateDecode: /BitsPerComponent has an invalid value of %d\n", pred.bpc);
+			return NULL;
+		}
+
 		/* allocate row buffer */
 		if (pred.columns > (INT_MAX - 7) / pred.colors / pred.bpc) {
 			fprintf(stderr, "FlateDecode: overflow\n");
@@ -3247,6 +3258,17 @@ LZWDecode(const Dict *parms, HBytes b, HParser *p)
 			return NULL;
 		}
 
+		if(pred.colors < 1)
+		{
+			fprintf(stderr, "LZWDecode: /Colors has an invalid value of %d\n", pred.colors);
+			return NULL;
+		}
+		if(pred.bpc != 1 || pred.bpc != 2 || pred.bpc != 4 || pred.bpc != 8)
+		{
+			fprintf(stderr, "LZWDecode: /BitsPerComponent has an invalid value of %d\n", pred.bpc);
+			return NULL;
+		}
+
 		/* allocate row buffer */
 		if (pred.columns > (INT_MAX - 7) / pred.colors / pred.bpc) {
 			fprintf(stderr, "LZWDecode: overflow\n");
-- 
GitLab