1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Thu, 1 Apr 2021 09:47:56 -0400
Subject: CVE-2021-23165
Fix a number-up crash bug (Issue #413)
Origin: upstream, https://github.com/michaelrsweet/htmldoc/commit/6e8a95561988500b5b5ae4861b3b0cbf4fba517f
Bug: https://github.com/michaelrsweet/htmldoc/issues/413
Bug-Debian: https://bugs.debian.org/989437
---
htmldoc/ps-pdf.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/htmldoc/ps-pdf.cxx
+++ b/htmldoc/ps-pdf.cxx
@@ -1283,7 +1283,7 @@
chapter_outstarts[c] = num_outpages;
for (i = chapter_starts[c], j = 0, nup = -1, page = pages + i;
- i <= chapter_ends[c];
+ i <= chapter_ends[c] && num_outpages < num_pages;
i ++, page ++)
{
if (nup != page->nup)
|
