From c1684eae9144129027642f5069a0fd97f0559ec8 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Thu, 22 Oct 2020 05:45:01 -0400
Subject: Check for overflow in page labels (fuzz issue 23599)

---
 libqpdf/QPDFPageLabelDocumentHelper.cc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'libqpdf/QPDFPageLabelDocumentHelper.cc')

diff --git a/libqpdf/QPDFPageLabelDocumentHelper.cc b/libqpdf/QPDFPageLabelDocumentHelper.cc
index a650fa9c..4be9073f 100644
--- a/libqpdf/QPDFPageLabelDocumentHelper.cc
+++ b/libqpdf/QPDFPageLabelDocumentHelper.cc
@@ -53,6 +53,7 @@ QPDFPageLabelDocumentHelper::getLabelForPage(long long page_idx)
     {
         start = St.getIntValue();
     }
+    QIntC::range_check(start, offset);
     start += offset;
     result = QPDFObjectHandle::newDictionary();
     result.replaceOrRemoveKey("/S", S);
-- 
cgit v1.2.3-70-g09d2