--- poppler-0.10.4.orig/poppler-0.10.4/poppler/Outline.cc	2008-12-11 22:18:39.000000000 +0000
+++ poppler-0.10.4/poppler-0.10.4/poppler/Outline.cc	2009-03-02 06:11:25.000000000 +0000
@@ -30,6 +30,7 @@
 #include "goo/gmem.h"
 #include "goo/GooString.h"
 #include "goo/GooList.h"
+#include "XRef.h"
 #include "Link.h"
 #include "PDFDocEncoding.h"
 #include "Outline.h"
@@ -129,6 +132,7 @@
 GooList *OutlineItem::readItemList(Object *firstItemRef, Object *lastItemRef,
 				 XRef *xrefA) {
   GooList *items;
+  char* alreadyRead;
   OutlineItem *item;
   Object obj;
   Object *p;
@@ -137,12 +141,20 @@
     return NULL;
 
   items = new GooList();
+
+  alreadyRead = (char *)gmalloc(xrefA->getNumObjects());
+  memset(alreadyRead, 0, xrefA->getNumObjects());
+
   p = firstItemRef;
-  while (p->isRef()) {
+  while (p->isRef() && 
+	 (p->getRefNum() >= 0) && 
+         (p->getRefNum() < xrefA->getNumObjects()) && 
+         !alreadyRead[p->getRefNum()]) {
     if (!p->fetch(xrefA, &obj)->isDict()) {
       obj.free();
       break;
     }
+    alreadyRead[p->getRefNum()] = 1;
     item = new OutlineItem(obj.getDict(), xrefA);
     obj.free();
     items->append(item);
@@ -153,6 +165,8 @@
     p = &item->nextRef;
   }
 
+  gfree(alreadyRead);
+
   if (!items->getLength()) {
     delete items;
     items = NULL;