[kdegraphics/f13/master] - Security fix, Okular PDB Processing Memory Corruption Vulnerability cve-2010-2575

[Than Ngo]

commit 11cff3a60e419b70569bf46d4c3c5f699a846cd0
Author: Than Ngo <than at redhat.com>
Date:   Thu Aug 26 00:15:32 2010 +0200

    - Security fix, Okular PDB Processing Memory Corruption Vulnerability
      cve-2010-2575

 kdegraphics-okular-cve-2010-2575.patch |   29 +++++++++++++++++++++++++++++
 kdegraphics.spec                       |   10 +++++++++-
 2 files changed, 38 insertions(+), 1 deletions(-)
---
diff --git a/kdegraphics-okular-cve-2010-2575.patch b/kdegraphics-okular-cve-2010-2575.patch
new file mode 100644
index 0000000..ca0d498
--- /dev/null
+++ b/kdegraphics-okular-cve-2010-2575.patch
@@ -0,0 +1,29 @@
+diff -Nur kdegraphics-4.5.0/okular/generators/plucker/unpluck/image.cpp kdegraphics-4.5.0.me/okular/generators/plucker/unpluck/image.cpp
+--- kdegraphics-4.5.0/okular/generators/plucker/unpluck/image.cpp	2008-02-21 10:27:47.000000000 +0100
++++ kdegraphics-4.5.0.me/okular/generators/plucker/unpluck/image.cpp	2010-08-25 22:03:11.000000000 +0200
+@@ -289,8 +289,23 @@
+             for (j = 0; j < bytes_per_row;) {
+                 incount = *palm_ptr++;
+                 inval = *palm_ptr++;
+-                memset (rowbuf + j, inval, incount);
+-                j += incount;
++                if (incount + j <= bytes_per_row  * width)
++                {
++                    memset (rowbuf + j, inval, incount);
++                    j += incount;
++                }
++                else
++                {
++                    free (rowbuf);
++                    free (lastrow);
++                    free (jpeg_row);
++
++                    jpeg_destroy_compress (&cinfo);
++
++                    fclose( outfile );
++
++                    return false;
++                }
+             }
+         }
+         else if ((flags & PALM_IS_COMPRESSED_FLAG)
diff --git a/kdegraphics.spec b/kdegraphics.spec
index ccae00c..c258140 100644
--- a/kdegraphics.spec
+++ b/kdegraphics.spec
@@ -8,7 +8,7 @@
 Summary:        KDE Graphics Applications
 Epoch:          7
 Version:        4.4.5
-Release:        2%{?dist}
+Release:        3%{?dist}
 
 Name:           kdegraphics
 #Obsoletes:     kdegraphics4 < %{version}-%{release}
@@ -21,6 +21,8 @@ Source0:        ftp://ftp.kde.org/pub/kde/stable/%{version}/src/kdegraphics-%{ve
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 ## upstream patches
+# CVE-2010-2575, Okular PDB Processing Memory Corruption Vulnerability 
+Patch100: kdegraphics-okular-cve-2010-2575.patch
 
 %if 0%{?fedora}
 BuildRequires:  chmlib-devel
@@ -101,6 +103,8 @@ Summary: A kioslave for displaying WinHelp files
 %prep
 %setup -q -n kdegraphics-%{version}%{?alphatag}
 
+%patch100 -p1 -b .cve-2010-2575
+
 
 %build
 mkdir -p %{_target_platform}
@@ -236,6 +240,10 @@ fi
 
 
 %changelog
+* Thu Aug 26 2010 Than Ngo <than at redhat.com> - 7:4.4.5-3
+- Security fix, Okular PDB Processing Memory Corruption Vulnerability
+  cve-2010-2575
+
 * Sun Jul 04 2010 Rex Dieter <rdieter at fedoraproject.org> - 7:4.4.5-2 
 - Missing kdebase-runtime dependency for Okular (kdegraphics) (#611118)