Michael J Gruber
parent
4383cdfe1f
commit
15f1cc451a
|
|
@ -0,0 +1,50 @@
|
|||
From: Mamoru TASAKA <mtasaka@fedoraproject.org>
|
||||
Date: Sun, 18 Dec 2022 00:22:04 +0000 (+0900)
|
||||
Subject: Bug 706227: png_write_band: initialize stream before calling deflateBound
|
||||
X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff_plain;h=a76b4ed0d3a2c7e52bba2d6c10b44d11d5ade2fe
|
||||
|
||||
Bug 706227: png_write_band: initialize stream before calling deflateBound
|
||||
|
||||
zlib deflateBound manual says when calling this function,
|
||||
stream should have been initialized via a call to deflateInit_()
|
||||
or deflateInit2_(), so change so.
|
||||
|
||||
Note that without this fix, "mutool draw -F png" segfaults on s390x,
|
||||
perhaps on big endian, uninitialized bytes of a value (which is
|
||||
not wholly initialized) is read, on the other hand, on little endian
|
||||
initialized bytes of the value is read, so it happens not to cause
|
||||
segfault.
|
||||
|
||||
Fixes https://bugs.ghostscript.com/show_bug.cgi?id=706227
|
||||
---
|
||||
|
||||
diff --git a/source/fitz/output-png.c b/source/fitz/output-png.c
|
||||
index 17279f913..979c75eeb 100644
|
||||
--- a/source/fitz/output-png.c
|
||||
+++ b/source/fitz/output-png.c
|
||||
@@ -236,6 +236,12 @@ png_write_band(fz_context *ctx, fz_band_writer *writer_, int stride, int band_st
|
||||
if (usize > SIZE_MAX / band_height)
|
||||
fz_throw(ctx, FZ_ERROR_GENERIC, "png data too large.");
|
||||
usize *= band_height;
|
||||
+ writer->stream.opaque = ctx;
|
||||
+ writer->stream.zalloc = fz_zlib_alloc;
|
||||
+ writer->stream.zfree = fz_zlib_free;
|
||||
+ err = deflateInit(&writer->stream, Z_DEFAULT_COMPRESSION);
|
||||
+ if (err != Z_OK)
|
||||
+ fz_throw(ctx, FZ_ERROR_GENERIC, "compression error %d", err);
|
||||
writer->usize = usize;
|
||||
/* Now figure out how large a buffer we need to compress into.
|
||||
* deflateBound always expands a bit, and it's limited by being
|
||||
@@ -245,12 +251,6 @@ png_write_band(fz_context *ctx, fz_band_writer *writer_, int stride, int band_st
|
||||
writer->csize = UINT32_MAX;
|
||||
writer->udata = Memento_label(fz_malloc(ctx, writer->usize), "png_write_udata");
|
||||
writer->cdata = Memento_label(fz_malloc(ctx, writer->csize), "png_write_cdata");
|
||||
- writer->stream.opaque = ctx;
|
||||
- writer->stream.zalloc = fz_zlib_alloc;
|
||||
- writer->stream.zfree = fz_zlib_free;
|
||||
- err = deflateInit(&writer->stream, Z_DEFAULT_COMPRESSION);
|
||||
- if (err != Z_OK)
|
||||
- fz_throw(ctx, FZ_ERROR_GENERIC, "compression error %d", err);
|
||||
}
|
||||
|
||||
dp = writer->udata;
|
||||
|
|
@ -14,6 +14,7 @@ URL: http://mupdf.com/
|
|||
Source0: http://mupdf.com/downloads/archive/%{name}-%{upversion}-source.tar.gz
|
||||
Source1: %{name}.desktop
|
||||
Source2: %{name}-gl.desktop
|
||||
Patch: mupdf-1.21.1-fix-png_write_band.patch
|
||||
BuildRequires: gcc gcc-c++ make binutils desktop-file-utils coreutils pkgconfig
|
||||
BuildRequires: openjpeg2-devel desktop-file-utils
|
||||
BuildRequires: libjpeg-devel freetype-devel libXext-devel curl-devel
|
||||
|
|
@ -60,7 +61,7 @@ The mupdf-devel package contains header files for developing
|
|||
applications that use mupdf and static libraries
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{upversion}-source
|
||||
%autosetup -p1 -n %{name}-%{upversion}-source
|
||||
for d in $(ls thirdparty | grep -v -e extract -e freeglut -e lcms2 -e mujs)
|
||||
do
|
||||
rm -rf thirdparty/$d
|
||||
|
|
|
|||
Loading…
Reference in New Issue