From fae027ba626ed63093ec3f221749694945d7eb25 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov
Date: Fri, 24 Jan 2014 09:46:05 +0000
Subject: [PATCH] Fix stack overflow (#1056699)
---
 mupdf-xps_fix.patch | 102 ++++++++++++++++++++++++++++++++++++++++++++
 mupdf.spec | 38 +++--------------
 2 files changed, 108 insertions(+), 32 deletions(-)
 create mode 100644 mupdf-xps_fix.patch
diff --git a/mupdf-xps_fix.patch b/mupdf-xps_fix.patch
new file mode 100644
index 0000000..98575f5
--- /dev/null
+++ b/mupdf-xps_fix.patch
@@ -0,0 +1,102 @@
+diff --git a/xps/xps_common.c b/xps/xps_common.c
+index eddef1b..31c2a5e 100644
+--- a/xps/xps_common.c
++++ b/xps/xps_common.c
+@@ -89,7 +89,7 @@ xps_begin_opacity(xps_document *doc, fz_matrix ctm, fz_rect area,
+ if (scb_color_att)
+ {
+ fz_colorspace *colorspace;
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples);
+ opacity = opacity * samples[0];
+ }
+@@ -208,12 +208,13 @@ void
+ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ fz_colorspace **csp, float *samples)
+ {
++ fz_context *ctx = doc->ctx;
+ char *p;
+ int i, n;
+ char buf[1024];
+ char *profile;
+
+- *csp = fz_device_rgb;
++ *csp = fz_device_rgb;
+
+ samples[0] = 1;
+ samples[1] = 0;
+@@ -259,7 +260,7 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ profile = strchr(buf, ' ');
+ if (!profile)
+ {
+- fz_warn(doc->ctx, "cannot find icc profile uri in '%s'", string);
++ fz_warn(ctx, "cannot find icc profile uri in '%s'", string);
+ return;
+ }
+
+@@ -267,15 +268,20 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ p = strchr(profile, ' ');
+ if (!p)
+ {
+- fz_warn(doc->ctx, "cannot find component values in '%s'", profile);
++ fz_warn(ctx, "cannot find component values in '%s'", profile);
+ return;
+ }
+
+ *p++ = 0;
+ n = count_commas(p) + 1;
++ if (n > FZ_MAX_COLORS)
++ {
++ fz_warn(ctx, "ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS);
++ n = FZ_MAX_COLORS;
++ }
+ i = 0;
+- while (i < n)
+- {
++ while (i < n)
++ {
+ samples[i++] = fz_atof(p);
+ p = strchr(p, ',');
+ if (!p)
+@@ -292,10 +298,10 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
+ /* TODO: load ICC profile */
+ switch (n)
+ {
+- case 2: *csp = fz_device_gray; break;
+- case 4: *csp = fz_device_rgb; break;
+- case 5: *csp = fz_device_cmyk; break;
+- default: *csp = fz_device_gray; break;
++ case 2: *csp = fz_device_gray; break;
++ case 4: *csp = fz_device_rgb; break;
++ case 5: *csp = fz_device_cmyk; break;
++ default: *csp = fz_device_gray; break;
+ }
+ }
+ }
+diff --git a/xps/xps_glyphs.c b/xps/xps_glyphs.c
+index 6b26201..5a4faf0 100644
+--- a/xps/xps_glyphs.c
++++ b/xps/xps_glyphs.c
+@@ -587,7 +587,7 @@ xps_parse_glyphs(xps_document *doc, fz_matrix ctm,
+
+ if (fill_att)
+ {
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ fz_colorspace *colorspace;
+
+ xps_parse_color(doc, base_uri, fill_att, &colorspace, samples);
+diff --git a/xps/xps_path.c b/xps/xps_path.c
+index 8650fbb..84fe14f 100644
+--- a/xps/xps_path.c
++++ b/xps/xps_path.c
+@@ -825,7 +825,7 @@ xps_parse_path(xps_document *doc, fz_matrix ctm, char *base_uri, xps_resource *d
+
+ fz_stroke_state *stroke = NULL;
+ fz_matrix transform;
+- float samples[32];
++ float samples[FZ_MAX_COLORS];
+ fz_colorspace *colorspace;
+ fz_path *path;
+ fz_path *stroke_path = NULL;
diff --git a/mupdf.spec b/mupdf.spec
index f7fa9e7..ed93c8e 100644
--- a/mupdf.spec
+++ b/mupdf.spec
@@ -1,6 +1,6 @@
 Name: mupdf
 Version: 1.1
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: A lightweight PDF viewer and toolkit
 Group: Applications/Publishing
 License: GPLv3
@@ -9,6 +9,7 @@ Source0: http://mupdf.com/download/%{name}-%{version}-source.tar.gz
 Source1: %{name}.desktop
 ## http://bugs.ghostscript.com/show_bug.cgi?format=multiple&id=693010
 Patch0: %{name}-upstream.patch
+Patch1: %{name}-xps_fix.patch
 BuildRequires: openjpeg-devel jbig2dec-devel desktop-file-utils
 BuildRequires: libjpeg-devel freetype-devel libXext-devel
@@ -40,6 +41,7 @@ applications that use mupdf and static libraries
 %prep
 %setup -q -n %{name}-%{version}-source
 %patch0 -p1
+%patch1 -p1
 %build
 export CFLAGS="%{optflags}"
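Review bot: The new clamp in xps_parse_color (inner hunk at -267,15) bounds `n` by FZ_MAX_COLORS, but the function still takes `float *samples` with no length, so the write loop `samples[i++] = fz_atof(p);` is only safe when every caller passes an array of at least FZ_MAX_COLORS floats. The patch resizes three call sites (xps_begin_opacity, xps_parse_glyphs, xps_parse_path); any caller not shown here that declares a smaller array would still be overrun by a colour string with enough comma-separated components, so the remaining call sites should be audited before this ships. I would record the contract above the definition, e.g. `/* samples must have room for FZ_MAX_COLORS floats */`. The bodies of all four functions continue outside the hunks.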
@@ -87,6 +89,9 @@ update-desktop-database &> /dev/null || :
 %{_libdir}/libfitz.a
 %changelog
+* Fri Jan 24 2014 Pavel Zhukov - 1.1-5
+- Fix stack overflow (#1056699)
+
 * Sat Aug 03 2013 Fedora Release Engineering - 1.1-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
@@ -108,34 +113,3 @@ update-desktop-database &> /dev/null || :
 * Fri Jan 13 2012 Fedora Release Engineering - 0.9-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
-* Wed Oct 27 2011 Pavel Zhukov - 0.9-1
-- New release
-
-* Tue May 03 2011 Pavel Zhukov - 0.8.165-2
-- New upstream release
-- Fix *.a and *.h permissions
-
-* Sun Mar 27 2011 Pavel Zhukov - 0.8.15-1
-- New upstream release
-
-* Tue Feb 9 2011 Pavel Zhukov - 0.7-7
-- Fix dependency for F13
-
-* Sun Feb 7 2011 Pavel Zhukov - 0.7-6
-- roll back to static libraries patch for shared libs has been rejected
-- Fix spec errors
-
-* Fri Jan 14 2011 Pavel Zhukov - 0.7-4
-- replac poitless macros to command names
-
-* Fri Jan 14 2011 Pavel Zhukov - 0.7-3
-- Create patch for optflags
-- Change Summary
-- Fix Require for devel package
-
-* Thu Jan 13 2011 Pavel Zhukov -0.7-2
-- add Fedora CFLAGS
-- create patch for use shared library
-
-* Wed Jan 12 2011 Pavel Zhukov - 0.7-1
-- Initial package