[mupdf] Fix stack overflow (#1056699)

Pavel Zhukov landgraf at fedoraproject.org
Fri Jan 24 09:46:01 UTC 2014


commit fae027ba626ed63093ec3f221749694945d7eb25
Author: Pavel Zhukov <landgraf at fedoraproject.org>
Date:   Fri Jan 24 09:46:05 2014 +0000

     Fix stack overflow (#1056699)

 mupdf-xps_fix.patch |  102 +++++++++++++++++++++++++++++++++++++++++++++++++++
 mupdf.spec          |   38 +++----------------
 2 files changed, 108 insertions(+), 32 deletions(-)
---
diff --git a/mupdf-xps_fix.patch b/mupdf-xps_fix.patch
new file mode 100644
index 0000000..98575f5
--- /dev/null
+++ b/mupdf-xps_fix.patch
@@ -0,0 +1,102 @@
+diff --git a/xps/xps_common.c b/xps/xps_common.c
+index eddef1b..31c2a5e 100644
+--- a/xps/xps_common.c
++++ b/xps/xps_common.c
+@@ -89,7 +89,7 @@ xps_begin_opacity(xps_document *doc, fz_matrix ctm, fz_rect area,
+ 		if (scb_color_att)
+ 		{
+ 			fz_colorspace *colorspace;
+-			float samples[32];
++			float samples[FZ_MAX_COLORS];
+ 			xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples);
+ 			opacity = opacity * samples[0];
+ 		}
+@@ -208,12 +208,13 @@ void
+ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ 		fz_colorspace **csp, float *samples)
+ {
++    fz_context *ctx = doc->ctx;
+ 	char *p;
+ 	int i, n;
+ 	char buf[1024];
+ 	char *profile;
+ 
+-	*csp = fz_device_rgb;
++    *csp = fz_device_rgb;
+ 
+ 	samples[0] = 1;
+ 	samples[1] = 0;
+@@ -259,7 +260,7 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ 		profile = strchr(buf, ' ');
+ 		if (!profile)
+ 		{
+-			fz_warn(doc->ctx, "cannot find icc profile uri in '%s'", string);
++            fz_warn(ctx, "cannot find icc profile uri in '%s'", string);
+ 			return;
+ 		}
+ 
+@@ -267,15 +268,20 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ 		p = strchr(profile, ' ');
+ 		if (!p)
+ 		{
+-			fz_warn(doc->ctx, "cannot find component values in '%s'", profile);
++            fz_warn(ctx, "cannot find component values in '%s'", profile);
+ 			return;
+ 		}
+ 
+ 		*p++ = 0;
+ 		n = count_commas(p) + 1;
++        if (n > FZ_MAX_COLORS)
++        {
++            fz_warn(ctx, "ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS);
++            n = FZ_MAX_COLORS;
++        }
+ 		i = 0;
+-		while (i < n)
+-		{
++		while (i < n)
++		{
+ 			samples[i++] = fz_atof(p);
+ 			p = strchr(p, ',');
+ 			if (!p)
+@@ -292,10 +298,10 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ 		/* TODO: load ICC profile */
+ 		switch (n)
+ 		{
+-		case 2: *csp = fz_device_gray; break;
+-		case 4: *csp = fz_device_rgb; break;
+-		case 5: *csp = fz_device_cmyk; break;
+-		default: *csp = fz_device_gray; break;
++		case 2: *csp = fz_device_gray; break;
++		case 4: *csp = fz_device_rgb; break;
++		case 5: *csp = fz_device_cmyk; break;
++		default: *csp = fz_device_gray; break;
+ 		}
+ 	}
+ }
+diff --git a/xps/xps_glyphs.c b/xps/xps_glyphs.c
+index 6b26201..5a4faf0 100644
+--- a/xps/xps_glyphs.c
++++ b/xps/xps_glyphs.c
+@@ -587,7 +587,7 @@ xps_parse_glyphs(xps_document *doc, fz_matrix ctm,
+ 
+ 	if (fill_att)
+ 	{
+-		float samples[32];
++		float samples[FZ_MAX_COLORS];
+ 		fz_colorspace *colorspace;
+ 
+ 		xps_parse_color(doc, base_uri, fill_att, &colorspace, samples);
+diff --git a/xps/xps_path.c b/xps/xps_path.c
+index 8650fbb..84fe14f 100644
+--- a/xps/xps_path.c
++++ b/xps/xps_path.c
+@@ -825,7 +825,7 @@ xps_parse_path(xps_document *doc, fz_matrix ctm, char *base_uri, xps_resource *d
+ 
+ 	fz_stroke_state *stroke = NULL;
+ 	fz_matrix transform;
+-	float samples[32];
++	float samples[FZ_MAX_COLORS];
+ 	fz_colorspace *colorspace;
+ 	fz_path *path;
+ 	fz_path *stroke_path = NULL;
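Review bot: The clamp added in the nested xps_common.c change (`if (n > FZ_MAX_COLORS)` in xps_parse_color) only protects callers whose `samples` buffer holds at least FZ_MAX_COLORS floats, and that contract stays implicit because the function still receives a bare `float *samples` with no length. The patch resizes the three buffers it shows (in xps_begin_opacity, xps_parse_glyphs and xps_parse_path); if any other call site in the tree declares a smaller array, a color string with many comma-separated components would still write past it, so every caller should be checked before this ships. I would state the requirement at the definition with `/* samples must have room for FZ_MAX_COLORS floats; the component count is clamped to that */`. The added lines are also space-indented in a tab-indented file, and the patch carries whitespace-only rewrites of the `while (i < n)` and `switch (n)` lines, which makes the security-relevant change harder to audit. xps_parse_color's body continues outside the nested hunks.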
diff --git a/mupdf.spec b/mupdf.spec
index f7fa9e7..ed93c8e 100644
--- a/mupdf.spec
+++ b/mupdf.spec
@@ -1,6 +1,6 @@
 Name:           mupdf
 Version:        1.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A lightweight PDF viewer and toolkit
 Group:          Applications/Publishing
 License:        GPLv3
@@ -9,6 +9,7 @@ Source0:        http://mupdf.com/download/%{name}-%{version}-source.tar.gz
 Source1:        %{name}.desktop
 ## http://bugs.ghostscript.com/show_bug.cgi?format=multiple&id=693010
 Patch0:         %{name}-upstream.patch
+Patch1:         %{name}-xps_fix.patch
 BuildRequires:  openjpeg-devel jbig2dec-devel desktop-file-utils
 BuildRequires:  libjpeg-devel freetype-devel libXext-devel
 
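Review bot: The new `Patch1` line has no provenance comment, whereas `Patch0` directly above it is preceded by the upstream bug URL. Because this patch is a security fix, the spec should record where it came from so a later rebase can tell whether the fix is already in the upstream tarball, for example `## Fix stack overflow in xps_parse_color (#1056699); origin: <upstream commit or bug URL>`.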
@@ -40,6 +41,7 @@ applications that use mupdf and static libraries
 %prep
 %setup -q -n %{name}-%{version}-source
 %patch0 -p1 
+%patch1 -p1
 
 %build
 export CFLAGS="%{optflags}"
@@ -87,6 +89,9 @@ update-desktop-database &> /dev/null || :
 %{_libdir}/libfitz.a
 
 %changelog
+* Fri Jan 24 2014 Pavel Zhukov <landgraf at fedoraproject.org> - 1.1-5
+- Fix stack overflow (#1056699)
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
@@ -108,34 +113,3 @@ update-desktop-database &> /dev/null || :
 * Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
 
-* Wed Oct 27 2011 Pavel Zhukov <landgraf at fedoraproject.org> - 0.9-1
-- New release
-
-* Tue May 03 2011 Pavel Zhukov <landgraf at fedoraproject.org> - 0.8.165-2
-- New upstream release
-- Fix *.a and *.h permissions
-
-* Sun Mar 27 2011 Pavel Zhukov <landgraf at fedoraproject.org> - 0.8.15-1
-- New upstream release
-
-* Tue Feb 9 2011 Pavel Zhukov <landgraf at fedoraproject.org> - 0.7-7
-- Fix dependency for F13
-
-* Sun Feb 7 2011 Pavel Zhukov <landgraf at fedoraproject.org> - 0.7-6
-- roll back to static libraries  patch for shared libs has been rejected
-- Fix spec errors 
-
-* Fri Jan 14 2011 Pavel Zhukov <landgraf at fedoraproject.org> - 0.7-4
-- replac poitless macros to command names
-
-* Fri Jan 14 2011 Pavel Zhukov <landgraf at fedoraproject.org> - 0.7-3
-- Create patch for optflags
-- Change Summary
-- Fix Require for devel package
-
-* Thu Jan 13 2011 Pavel Zhukov <landgraf at fedoraproject.org> -0.7-2
-- add Fedora CFLAGS
-- create patch for use shared library
-
-* Wed Jan 12 2011 Pavel Zhukov <landgraf at fedoraproject.org>  - 0.7-1
-- Initial package

