[poppler/f13/master] Check the objects are numbers before using them
mkasik
mkasik at fedoraproject.org
Thu Nov 25 11:29:49 UTC 2010
commit e9f0af73427d70d7b935b26c0a4126ac544e9c5e
Author: Marek Kasik <mkasik at redhat.com>
Date: Thu Nov 25 12:27:59 2010 +0100
Check the objects are numbers before using them
Resolves: #625744
poppler-0.12.4-check-numbers.patch | 36 ++++++++++++++++++++++++++++++++++++
poppler.spec | 9 ++++++++-
2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/poppler-0.12.4-check-numbers.patch b/poppler-0.12.4-check-numbers.patch
new file mode 100644
index 0000000..560e4f6
--- /dev/null
+++ b/poppler-0.12.4-check-numbers.patch
@@ -0,0 +1,36 @@
+--- poppler-0.12.4/poppler/GfxState.cc 2010-01-20 23:02:06.000000000 +0100
++++ poppler-0.12.4/poppler/GfxState.cc 2010-11-25 11:24:07.000000000 +0100
+@@ -2519,15 +2519,25 @@ GBool GfxShading::init(Dict *dict, Gfx *
+ hasBBox = gFalse;
+ if (dict->lookup("BBox", &obj1)->isArray()) {
+ if (obj1.arrayGetLength() == 4) {
+- hasBBox = gTrue;
+- xMin = obj1.arrayGet(0, &obj2)->getNum();
+- obj2.free();
+- yMin = obj1.arrayGet(1, &obj2)->getNum();
+- obj2.free();
+- xMax = obj1.arrayGet(2, &obj2)->getNum();
+- obj2.free();
+- yMax = obj1.arrayGet(3, &obj2)->getNum();
++ Object obj3, obj4, obj5;
++ obj1.arrayGet(0, &obj2);
++ obj1.arrayGet(1, &obj3);
++ obj1.arrayGet(2, &obj4);
++ obj1.arrayGet(3, &obj5);
++ if (obj2.isNum() && obj3.isNum() && obj4.isNum() && obj5.isNum())
++ {
++ hasBBox = gTrue;
++ xMin = obj2.getNum();
++ yMin = obj3.getNum();
++ xMax = obj4.getNum();
++ yMax = obj5.getNum();
++ } else {
++ error(-1, "Bad BBox in shading dictionary (Values not numbers)");
++ }
+ obj2.free();
++ obj3.free();
++ obj4.free();
++ obj5.free();
+ } else {
+ error(-1, "Bad BBox in shading dictionary");
+ }
diff --git a/poppler.spec b/poppler.spec
index 73c7e8d..d4ab5b7 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -2,7 +2,7 @@
Summary: PDF rendering library
Name: poppler
Version: 0.12.4
-Release: 6%{?dist}
+Release: 7%{?dist}
License: GPLv2
Group: Development/Libraries
URL: http://poppler.freedesktop.org/
@@ -33,6 +33,8 @@ Patch107: poppler-0.12.4-CVE-2010-3702.patch
Patch108: poppler-0.12.4-CVE-2010-3703.patch
# http://bugzilla.redhat.com/show_bug.cgi?id=638960
Patch109: poppler-0.12.4-CVE-2010-3704.patch
+# http://bugzilla.redhat.com/show_bug.cgi?id=625744
+Patch110: poppler-0.12.4-check-numbers.patch
Requires: poppler-data >= 0.4.0
BuildRequires: automake libtool
@@ -146,6 +148,7 @@ converting PDF files to a number of other formats.
%patch107 -p1 -b .CVE-2010-3702
%patch108 -p1 -b .CVE-2010-3703
%patch109 -p1 -b .CVE-2010-3704
+%patch110 -p1 -b .check-numbers
chmod -x goo/GooTimer.h
@@ -249,6 +252,10 @@ rm -rf $RPM_BUILD_ROOT
%changelog
+* Thu Nov 25 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-7
+- Check the objects are numbers before using them
+- Resolves: #625744
+
* Thu Oct 7 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-6
- Add poppler-0.12.4-CVE-2010-3702.patch
(Properly initialize parser)
More information about the scm-commits
mailing list