[poppler/f13/master] Check the objects are numbers before using them

mkasik mkasik at fedoraproject.org
Thu Nov 25 11:29:49 UTC 2010


commit e9f0af73427d70d7b935b26c0a4126ac544e9c5e
Author: Marek Kasik <mkasik at redhat.com>
Date:   Thu Nov 25 12:27:59 2010 +0100

    Check the objects are numbers before using them
    
    Resolves: #625744

 poppler-0.12.4-check-numbers.patch |   36 ++++++++++++++++++++++++++++++++++++
 poppler.spec                       |    9 ++++++++-
 2 files changed, 44 insertions(+), 1 deletions(-)
---
diff --git a/poppler-0.12.4-check-numbers.patch b/poppler-0.12.4-check-numbers.patch
new file mode 100644
index 0000000..560e4f6
--- /dev/null
+++ b/poppler-0.12.4-check-numbers.patch
@@ -0,0 +1,36 @@
+--- poppler-0.12.4/poppler/GfxState.cc	2010-01-20 23:02:06.000000000 +0100
++++ poppler-0.12.4/poppler/GfxState.cc	2010-11-25 11:24:07.000000000 +0100
+@@ -2519,15 +2519,25 @@ GBool GfxShading::init(Dict *dict, Gfx *
+   hasBBox = gFalse;
+   if (dict->lookup("BBox", &obj1)->isArray()) {
+     if (obj1.arrayGetLength() == 4) {
+-      hasBBox = gTrue;
+-      xMin = obj1.arrayGet(0, &obj2)->getNum();
+-      obj2.free();
+-      yMin = obj1.arrayGet(1, &obj2)->getNum();
+-      obj2.free();
+-      xMax = obj1.arrayGet(2, &obj2)->getNum();
+-      obj2.free();
+-      yMax = obj1.arrayGet(3, &obj2)->getNum();
++      Object obj3, obj4, obj5;
++      obj1.arrayGet(0, &obj2);
++      obj1.arrayGet(1, &obj3);
++      obj1.arrayGet(2, &obj4);
++      obj1.arrayGet(3, &obj5);
++      if (obj2.isNum() && obj3.isNum() && obj4.isNum() && obj5.isNum())
++      {
++        hasBBox = gTrue;
++        xMin = obj2.getNum();
++        yMin = obj3.getNum();
++        xMax = obj4.getNum();
++        yMax = obj5.getNum();
++      } else {
++        error(-1, "Bad BBox in shading dictionary (Values not numbers)");
++      }
+       obj2.free();
++      obj3.free();
++      obj4.free();
++      obj5.free();
+     } else {
+       error(-1, "Bad BBox in shading dictionary");
+     }
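Review bot: The new `isNum()` guard in the BBox branch checks only the type of the four entries, so a document-supplied box with xMin > xMax or non-finite values is still accepted and `hasBBox` is set. Whether the later clipping code tolerates such a box is not visible here; if it does not, a test such as `if (xMin > xMax || yMin > yMax)` feeding the same error path would close the gap. The chained `arrayGet(i, &obj)->getNum()` pattern removed here may also occur at other array reads in GfxState.cc, and since `GfxShading::init` begins and ends outside the hunk, that needs checking against the full file. A one-line comment above the check, such as `// BBox comes from the PDF: entries may be any object type, so test isNum() before getNum()`, would record why the four lookups are no longer chained. The opening brace on its own line after the new `if` also differs from the `if (...) {` style on the surrounding lines.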
diff --git a/poppler.spec b/poppler.spec
index 73c7e8d..d4ab5b7 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -2,7 +2,7 @@
 Summary: PDF rendering library
 Name: poppler
 Version: 0.12.4
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2
 Group: Development/Libraries
 URL:     http://poppler.freedesktop.org/
@@ -33,6 +33,8 @@ Patch107: poppler-0.12.4-CVE-2010-3702.patch
 Patch108: poppler-0.12.4-CVE-2010-3703.patch
 # http://bugzilla.redhat.com/show_bug.cgi?id=638960
 Patch109: poppler-0.12.4-CVE-2010-3704.patch
+# http://bugzilla.redhat.com/show_bug.cgi?id=625744
+Patch110: poppler-0.12.4-check-numbers.patch
 
 Requires: poppler-data >= 0.4.0
 BuildRequires: automake libtool
@@ -146,6 +148,7 @@ converting PDF files to a number of other formats.
 %patch107 -p1 -b .CVE-2010-3702
 %patch108 -p1 -b .CVE-2010-3703
 %patch109 -p1 -b .CVE-2010-3704
+%patch110 -p1 -b .check-numbers
 
 chmod -x goo/GooTimer.h
 
@@ -249,6 +252,10 @@ rm -rf $RPM_BUILD_ROOT
 
 
 %changelog
+* Thu Nov 25 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-7
+- Check the objects are numbers before using them
+- Resolves: #625744
+
 * Thu Oct  7 2010 Marek Kasik <mkasik at redhat.com> - 0.12.4-6
 - Add poppler-0.12.4-CVE-2010-3702.patch
     (Properly initialize parser)

