From: Bertrand Marc <bmarc@debian.org>
Subject: CVE-2017-15922

Bug-Debian: https://bugs.debian.org/880016
Bug-Upstream: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
Origin: https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
---
 src/plugins/dvi_extractor.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/plugins/dvi_extractor.c b/src/plugins/dvi_extractor.c
index e4cfa3a..2c9eaa2 100644
--- a/src/plugins/dvi_extractor.c
+++ b/src/plugins/dvi_extractor.c
@@ -207,7 +210,8 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec)
     goto CLEANUP;
   opos = pos;
   pos = getIntAt (&data[opos + 1]);
-  if (pos + 25 > size)
+  if ( (pos + 25 > size) ||
+       (pos + 25 < pos) )
     goto CLEANUP;
   /* assert pos at 'post' command */
   if (data[pos] != 248)
@@ -219,7 +223,8 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec)
     {
       if (UINT32_MAX == pos)
         break;
-      if (pos + 45 > size)
+      if ( (pos + 45 > size) ||
+	   (pos + 45 < pos) )
 	goto CLEANUP;
       if (data[pos] != 139)     /* expect 'bop' */
 	goto CLEANUP;
@@ -268,7 +273,8 @@ EXTRACTOR_dvi_extract_method (struct EXTRACTOR_ExtractContext *ec)
   }
   /* try to find PDF/ps special */
   pos = opos;
-  while (pos < size - 100)
+  while ( (size >= 100) &&
+	  (pos < size - 100) )
     {
       switch (data[pos])
         {