[poppler/f19] Fix several crashers
mkasik
mkasik at fedoraproject.org
Fri Dec 12 15:55:02 UTC 2014
commit d556d4e7cf549b283349a75230cb23222b760fa1
Author: Marek Kasik <mkasik at redhat.com>
Date: Fri Dec 12 16:52:56 2014 +0100
Fix several crashers
poppler-0.22.1-fofitype1.patch | 31 +++++++++++++++++++++++++++++++
poppler-0.22.1-pdfdoc-getpage.patch | 21 +++++++++++++++++++++
poppler-0.22.1-xref-getentry.patch | 30 ++++++++++++++++++++++++++++++
poppler.spec | 12 +++++++++++-
4 files changed, 93 insertions(+), 1 deletions(-)
---
diff --git a/poppler-0.22.1-fofitype1.patch b/poppler-0.22.1-fofitype1.patch
new file mode 100644
index 0000000..216a3aa
--- /dev/null
+++ b/poppler-0.22.1-fofitype1.patch
@@ -0,0 +1,31 @@
+commit f966b8766d40b2c912e69a1e17ef8cc4bd52be95
+Author: Carlos Garcia Campos <carlosgc at gnome.org>
+Date: Tue Oct 21 16:42:27 2014 +0200
+
+ fofi: Fix a crash when parsing an invalid font due to a integer overflow
+
+ This fixes a crash rendering trust_metrics.f2495.f0.pdf.
+
+diff --git a/fofi/FoFiType1.cc b/fofi/FoFiType1.cc
+index 8fa10a0..2245184 100644
+--- a/fofi/FoFiType1.cc
++++ b/fofi/FoFiType1.cc
+@@ -263,7 +263,7 @@ void FoFiType1::parse() {
+ } else {
+ break;
+ }
+- for (; *p >= '0' && *p < '0' + base; ++p) {
++ for (; *p >= '0' && *p < '0' + base && code < INT_MAX / (base + (*p - '0')); ++p) {
+ code = code * base + (*p - '0');
+ }
+ for (; *p == ' ' || *p == '\t'; ++p) ;
+--- a/poppler/Error.h
++++ b/poppler/Error.h
+@@ -33,6 +33,7 @@
+
+ #include <stdarg.h>
+ #include "poppler-config.h"
++#include "goo/GooString.h"
+
+ enum ErrorCategory {
+ errSyntaxWarning, // PDF syntax error which can be worked around;
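Review bot: The overflow guard added to the digit loop in `FoFiType1::parse()` ends the loop in the middle of a number instead of rejecting the value, so an over-long code is silently truncated and `p` is left on unconsumed digits for whatever parsing follows outside this hunk. The bound `INT_MAX / (base + (*p - '0'))` is also stricter than needed; the exact test is `code <= (INT_MAX - (*p - '0')) / base`, and the truncated case should probably be reported as a syntax error rather than accepted. `INT_MAX` needs `<limits.h>`, and the hunk does not show FoFiType1.cc including it. The second file section adds `#include "goo/GooString.h"` to Error.h, which the commit message does not explain; a line in the patch header saying why the backport needs it would help.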
diff --git a/poppler-0.22.1-pdfdoc-getpage.patch b/poppler-0.22.1-pdfdoc-getpage.patch
new file mode 100644
index 0000000..880079d
--- /dev/null
+++ b/poppler-0.22.1-pdfdoc-getpage.patch
@@ -0,0 +1,21 @@
+commit ee4a389872d86b619c677888da8f13f1f6c54472
+Author: Adrian Johnson <ajohnson at redneon.com>
+Date: Mon Oct 20 22:32:30 2014 +1030
+
+ PDFDoc: fix crash when getPage() returns NULL
+
+ Bug 85235
+
+diff --git a/poppler/PDFDoc.cc b/poppler/PDFDoc.cc
+index d1b5d7b..8fd5e18 100644
+--- a/poppler/PDFDoc.cc
++++ b/poppler/PDFDoc.cc
+@@ -626,7 +626,7 @@ int PDFDoc::savePageAs(GooString *name, int pageNo)
+ int keyLength;
+ xref->getEncryptionParameters(&fileKey, &encAlgorithm, &keyLength);
+
+- if (pageNo < 1 || pageNo > getNumPages()) {
++ if (pageNo < 1 || pageNo > getNumPages() || !getCatalog()->getPage(pageNo)) {
+ error(errInternal, -1, "Illegal pageNo: {0:d}({1:d})", pageNo, getNumPages() );
+ return errOpenFile;
+ }
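Review bot: The new `!getCatalog()->getPage(pageNo)` test in `PDFDoc::savePageAs` reports an in-range page that failed to load as "Illegal pageNo", so the log for a malformed document shows a page number that looks valid. A separate branch with its own message, for example `error(errInternal, -1, "Page {0:d} could not be loaded", pageNo);`, would keep the two failures distinguishable during triage. The call also dereferences `getCatalog()` without a null check; whether it can be null at this point is not visible here, since the function starts and ends outside the hunk.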
diff --git a/poppler-0.22.1-xref-getentry.patch b/poppler-0.22.1-xref-getentry.patch
new file mode 100644
index 0000000..785230e
--- /dev/null
+++ b/poppler-0.22.1-xref-getentry.patch
@@ -0,0 +1,30 @@
+commit d6ea8acbb348fdb43601a963ba5407e933565003
+Author: Adrian Johnson <ajohnson at redneon.com>
+Date: Mon Nov 3 19:11:25 2014 +0100
+
+ fix crash in Xref::getEntry
+
+ Bug 85234
+
+diff --git a/poppler/XRef.cc b/poppler/XRef.cc
+index 2560e3d..333f5ec 100644
+--- a/poppler/XRef.cc
++++ b/poppler/XRef.cc
+@@ -1568,7 +1568,7 @@ GBool XRef::parseEntry(Goffset offset, XRefEntry *entry)
+ void XRef::readXRefUntil(int untilEntryNum, std::vector<int> *xrefStreamObjsNum)
+ {
+ std::vector<Guint> followedPrev;
+- while (prevXRefOffset && (untilEntryNum == -1 || entries[untilEntryNum].type == xrefEntryNone)) {
++ while (prevXRefOffset && (untilEntryNum == -1 || (untilEntryNum < size && entries[untilEntryNum].type == xrefEntryNone))) {
+ bool followed = false;
+ for (size_t j = 0; j < followedPrev.size(); j++) {
+ if (followedPrev.at(j) == prevXRefOffset) {
+@@ -1606,7 +1606,7 @@ void XRef::readXRefUntil(int untilEntryNum, std::vector<int> *xrefStreamObjsNum)
+
+ XRefEntry *XRef::getEntry(int i, GBool complainIfMissing)
+ {
+- if (entries[i].type == xrefEntryNone) {
++ if (i >= size || entries[i].type == xrefEntryNone) {
+
+ if ((!xRefStream) && mainXRefEntriesOffset) {
+ if (!parseEntry(mainXRefEntriesOffset + 20*i, &entries[i])) {
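Review bot: In `XRef::getEntry` the added `i >= size` test makes the condition true for an out-of-range index, and the visible body then passes `&entries[i]` to `parseEntry` and computes `20*i` with that same index, so when `!xRefStream && mainXRefEntriesOffset` holds the out-of-bounds access appears to move rather than go away. Neither this check nor `untilEntryNum < size` in `readXRefUntil` rejects a negative index other than the `-1` sentinel. A guard such as `if (i < 0 || i >= size)` that returns before `entries[i]` is touched would close both cases; what to return is not visible here, because the rest of `getEntry` lies outside the hunk. Whether `entries` has spare capacity beyond `size` is also not shown, so the severity should be confirmed against the full file.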
diff --git a/poppler.spec b/poppler.spec
index df1c149..7bd4ca1 100644
--- a/poppler.spec
+++ b/poppler.spec
@@ -1,7 +1,7 @@
Summary: PDF rendering library
Name: poppler
Version: 0.22.1
-Release: 6%{?dist}
+Release: 7%{?dist}
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
Group: Development/Libraries
URL: http://poppler.freedesktop.org/
@@ -22,6 +22,10 @@ Patch3: poppler-0.22.1-CVE-2013-4474.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1164389
Patch4: poppler-0.22.1-pdfdetach.patch
+Patch5: poppler-0.22.1-fofitype1.patch
+Patch6: poppler-0.22.1-pdfdoc-getpage.patch
+Patch7: poppler-0.22.1-xref-getentry.patch
+
Requires: poppler-data >= 0.4.0
BuildRequires: automake libtool
BuildRequires: gettext-devel
@@ -140,6 +144,9 @@ Requires: %{name}-glib%{?_isa} = %{version}-%{release}
%patch2 -p1 -b .CVE-2013-4473
%patch3 -p1 -b .CVE-2013-4474
%patch4 -p1 -b .pdfdetach
+%patch5 -p1 -b .fofitype1
+%patch6 -p1 -b .pdfdoc-getpage
+%patch7 -p1 -b .xref-getentry
iconv -f iso-8859-1 -t utf-8 < "utils/pdftohtml.1" > "utils/pdftohtml.1.utf8"
mv "utils/pdftohtml.1.utf8" "utils/pdftohtml.1"
@@ -262,6 +269,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
%changelog
+* Fri Dec 12 2014 Marek Kasik <mkasik at redhat.com> 0.22.1-7
+- Fix several crashers
+
* Fri Dec 12 2014 Marek Kasik <mkasik at redhat.com> 0.22.1-6
- Fix crash when getPage() returns NULL
- Resolves: #1164389