From 674dafd5a778643f103fff4d5ff1b140db293a59 Mon Sep 17 00:00:00 2001
From: starlet-dx <15929766099@163.com>
Date: Mon, 5 Aug 2024 17:05:58 +0800
Subject: [PATCH 1/1] heap-buffer-overflow in QPDF::processXRefStream found by ASAN
Origin: https://github.com/qpdf/qpdf/issues/701 https://bugzilla.suse.com/show_bug.cgi?id=1201830#c5
---
 libqpdf/QPDF.cc | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
index c1e30e0..9313588 100644
--- a/libqpdf/QPDF.cc
+++ b/libqpdf/QPDF.cc
@@ -1014,6 +1014,13 @@ QPDF::processXRefStream(qpdf_offset_t xref_offset, QPDFObjectHandle& xref_obj)
 "Cross-reference stream's /W contains"
 " impossibly large values");
 }
+ if (W[i] < 0)
+ {
+ throw QPDFExc(qpdf_e_damaged_pdf, this->m->file->getName(),
+ "xref stream", xref_offset,
+ "Cross-reference stream's /W contains"
+ " negative values");
+ }
 entry_size += W[i];
 }
 if (entry_size == 0)
-- 
2.33.0
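Review bot: The new `W[i] < 0` guard in the /W loop of QPDF::processXRefStream arrives without a regression test: the diffstat lists only libqpdf/QPDF.cc, so nothing pins the "negative values" error path for a damaged file whose /W array holds a negative entry. A one-line comment above the check would also record the reason, e.g. `// /W entries are byte widths; a negative one would reduce entry_size in the sum below`. The assignment to `W[i]` is outside the hunk; if it narrows a wider parsed integer, both this check and the "impossibly large" check run on the already-narrowed value, so that conversion should be confirmed to be range-checked as well. The function body starts before and continues after the hunk.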