Fix buffer overflow in pdf-layer.c (#1439643)
This commit is contained in:
parent
71ac78f599
commit
20aa2225f8
|
@ -0,0 +1,44 @@
|
|||
commit 2590fed7a355a421f062ebd4293df892800fa7ac
|
||||
Author: Sebastian Rasmussen <sebras@gmail.com>
|
||||
Date: Thu Dec 1 17:15:27 2016 -0500
|
||||
|
||||
Bug 697400: Mark visited objects when counting OCG layer entries.
|
||||
|
||||
diff --git a/source/pdf/pdf-layer.c b/source/pdf/pdf-layer.c
|
||||
index 3296b6c..fc29c9d 100644
|
||||
--- a/source/pdf/pdf-layer.c
|
||||
+++ b/source/pdf/pdf-layer.c
|
||||
@@ -90,7 +90,14 @@ count_entries(fz_context *ctx, pdf_obj *obj)
|
||||
for (i = 0; i < len; i++)
|
||||
{
|
||||
pdf_obj *o = pdf_array_get(ctx, obj, i);
|
||||
- count += (pdf_is_array(ctx, o) ? count_entries(ctx, o) : 1);
|
||||
+ if (pdf_mark_obj(ctx, o))
|
||||
+ continue;
|
||||
+ fz_try(ctx)
|
||||
+ count += (pdf_is_array(ctx, o) ? count_entries(ctx, o) : 1);
|
||||
+ fz_always(ctx)
|
||||
+ pdf_unmark_obj(ctx, o);
|
||||
+ fz_catch(ctx)
|
||||
+ fz_rethrow(ctx);
|
||||
}
|
||||
return count;
|
||||
}
|
||||
@@ -106,7 +113,16 @@ populate_ui(fz_context *ctx, pdf_ocg_descriptor *desc, pdf_ocg_ui *ui, pdf_obj *
|
||||
pdf_obj *o = pdf_array_get(ctx, order, i);
|
||||
if (pdf_is_array(ctx, o))
|
||||
{
|
||||
- ui = populate_ui(ctx, desc, ui, o, depth+1, rbgroups, locked);
|
||||
+ if (pdf_mark_obj(ctx, o))
|
||||
+ continue;
|
||||
+
|
||||
+ fz_try(ctx)
|
||||
+ ui = populate_ui(ctx, desc, ui, o, depth+1, rbgroups, locked);
|
||||
+ fz_always(ctx)
|
||||
+ pdf_unmark_obj(ctx, o);
|
||||
+ fz_catch(ctx)
|
||||
+ fz_rethrow(ctx);
|
||||
+
|
||||
continue;
|
||||
}
|
||||
ui->depth = depth;
|
|
@ -1,6 +1,6 @@
|
|||
Name: mupdf
|
||||
Version: 1.10a
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: A lightweight PDF viewer and toolkit
|
||||
Group: Applications/Publishing
|
||||
License: GPLv3
|
||||
|
@ -15,6 +15,8 @@ Patch0: %{name}-1.10a-openjpeg.patch
|
|||
## https://bugzilla.redhat.com/show_bug.cgi?id=1425338
|
||||
Patch1: %{name}-Bug-697500-Fix-NULL-ptr-access.patch
|
||||
Patch2: %{name}-bug-697515-Fix-out-of-bounds-read-in-fz_subsample_pi.patch
|
||||
Patch3: %{name}-bz1439643.patch
|
||||
|
||||
|
||||
%description
|
||||
MuPDF is a lightweight PDF viewer and toolkit written in portable C.
|
||||
|
@ -47,6 +49,7 @@ rm -rf thirdparty
|
|||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
export CFLAGS="%{optflags} -fPIC -DJBIG_NO_MEMENTO -DTOFU -DTOFU_CJK"
|
||||
|
@ -84,6 +87,9 @@ update-desktop-database &> /dev/null || :
|
|||
%{_libdir}/lib%{name}*.a
|
||||
|
||||
%changelog
|
||||
* Thu Apr 6 2017 Pavel Zhukov <landgraf@fedoraproject.org> - 1.10a-5
|
||||
- Fix stack consumption CVE (#1439643)
|
||||
|
||||
* Thu Mar 2 2017 Pavel Zhukov <landgraf@fedoraproject.org> - 1.10a-4
|
||||
- fix buffer overflow (#1425338)
|
||||
|
||||
|
|
Loading…
Reference in New Issue