From cd830968efd9c47cf21226b14094be21a4781024 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt <ejb@ql.org>
Date: Sat, 15 Jun 2019 08:49:18 -0400
Subject: Eliminate one potential integer overflow

There are more to handle, but this resolves an issue already caught by
oss-fuzz.
---
 libqpdf/QPDF.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libqpdf')

diff --git a/libqpdf/QPDF.cc b/libqpdf/QPDF.cc
index c1e30e08..48015d4b 100644
--- a/libqpdf/QPDF.cc
+++ b/libqpdf/QPDF.cc
@@ -812,7 +812,7 @@ QPDF::read_xrefTable(qpdf_offset_t xref_offset)
 			  "xref syntax invalid");
 	}
         this->m->file->seek(this->m->file->getLastOffset() + bytes, SEEK_SET);
-	for (int i = obj; i < obj + num; ++i)
+	for (qpdf_offset_t i = obj; i - num < obj; ++i)
 	{
 	    if (i == 0)
 	    {
-- 
cgit v1.2.3-54-g00ecf