Fix stack overflow (#1056699)
This commit is contained in:
parent
4d7c4aa08c
commit
fae027ba62
|
@ -0,0 +1,102 @@
|
||||||
|
diff --git a/xps/xps_common.c b/xps/xps_common.c
|
||||||
|
index eddef1b..31c2a5e 100644
|
||||||
|
--- a/xps/xps_common.c
|
||||||
|
+++ b/xps/xps_common.c
|
||||||
|
@@ -89,7 +89,7 @@ xps_begin_opacity(xps_document *doc, fz_matrix ctm, fz_rect area,
|
||||||
|
if (scb_color_att)
|
||||||
|
{
|
||||||
|
fz_colorspace *colorspace;
|
||||||
|
- float samples[32];
|
||||||
|
+ float samples[FZ_MAX_COLORS];
|
||||||
|
xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples);
|
||||||
|
opacity = opacity * samples[0];
|
||||||
|
}
|
||||||
|
@@ -208,12 +208,13 @@ void
|
||||||
|
xps_parse_color(xps_document *doc, char *base_uri, char *string,
|
||||||
|
fz_colorspace **csp, float *samples)
|
||||||
|
{
|
||||||
|
+ fz_context *ctx = doc->ctx;
|
||||||
|
char *p;
|
||||||
|
int i, n;
|
||||||
|
char buf[1024];
|
||||||
|
char *profile;
|
||||||
|
|
||||||
|
- *csp = fz_device_rgb;
|
||||||
|
+ *csp = fz_device_rgb;
|
||||||
|
|
||||||
|
samples[0] = 1;
|
||||||
|
samples[1] = 0;
|
||||||
|
@@ -259,7 +260,7 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
|
||||||
|
profile = strchr(buf, ' ');
|
||||||
|
if (!profile)
|
||||||
|
{
|
||||||
|
- fz_warn(doc->ctx, "cannot find icc profile uri in '%s'", string);
|
||||||
|
+ fz_warn(ctx, "cannot find icc profile uri in '%s'", string);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -267,15 +268,20 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
|
||||||
|
p = strchr(profile, ' ');
|
||||||
|
if (!p)
|
||||||
|
{
|
||||||
|
- fz_warn(doc->ctx, "cannot find component values in '%s'", profile);
|
||||||
|
+ fz_warn(ctx, "cannot find component values in '%s'", profile);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
*p++ = 0;
|
||||||
|
n = count_commas(p) + 1;
|
||||||
|
+ if (n > FZ_MAX_COLORS)
|
||||||
|
+ {
|
||||||
|
+ fz_warn(ctx, "ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS);
|
||||||
|
+ n = FZ_MAX_COLORS;
|
||||||
|
+ }
|
||||||
|
i = 0;
|
||||||
|
- while (i < n)
|
||||||
|
- {
|
||||||
|
+ while (i < n)
|
||||||
|
+ {
|
||||||
|
samples[i++] = fz_atof(p);
|
||||||
|
p = strchr(p, ',');
|
||||||
|
if (!p)
|
||||||
|
@@ -292,10 +298,10 @@ xps_parse_color(xps_document *doc, char *base_uri, char *string,
|
||||||
|
/* TODO: load ICC profile */
|
||||||
|
switch (n)
|
||||||
|
{
|
||||||
|
- case 2: *csp = fz_device_gray; break;
|
||||||
|
- case 4: *csp = fz_device_rgb; break;
|
||||||
|
- case 5: *csp = fz_device_cmyk; break;
|
||||||
|
- default: *csp = fz_device_gray; break;
|
||||||
|
+ case 2: *csp = fz_device_gray; break;
|
||||||
|
+ case 4: *csp = fz_device_rgb; break;
|
||||||
|
+ case 5: *csp = fz_device_cmyk; break;
|
||||||
|
+ default: *csp = fz_device_gray; break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
diff --git a/xps/xps_glyphs.c b/xps/xps_glyphs.c
|
||||||
|
index 6b26201..5a4faf0 100644
|
||||||
|
--- a/xps/xps_glyphs.c
|
||||||
|
+++ b/xps/xps_glyphs.c
|
||||||
|
@@ -587,7 +587,7 @@ xps_parse_glyphs(xps_document *doc, fz_matrix ctm,
|
||||||
|
|
||||||
|
if (fill_att)
|
||||||
|
{
|
||||||
|
- float samples[32];
|
||||||
|
+ float samples[FZ_MAX_COLORS];
|
||||||
|
fz_colorspace *colorspace;
|
||||||
|
|
||||||
|
xps_parse_color(doc, base_uri, fill_att, &colorspace, samples);
|
||||||
|
diff --git a/xps/xps_path.c b/xps/xps_path.c
|
||||||
|
index 8650fbb..84fe14f 100644
|
||||||
|
--- a/xps/xps_path.c
|
||||||
|
+++ b/xps/xps_path.c
|
||||||
|
@@ -825,7 +825,7 @@ xps_parse_path(xps_document *doc, fz_matrix ctm, char *base_uri, xps_resource *d
|
||||||
|
|
||||||
|
fz_stroke_state *stroke = NULL;
|
||||||
|
fz_matrix transform;
|
||||||
|
- float samples[32];
|
||||||
|
+ float samples[FZ_MAX_COLORS];
|
||||||
|
fz_colorspace *colorspace;
|
||||||
|
fz_path *path;
|
||||||
|
fz_path *stroke_path = NULL;
|
38
mupdf.spec
38
mupdf.spec
|
@ -1,6 +1,6 @@
|
||||||
Name: mupdf
|
Name: mupdf
|
||||||
Version: 1.1
|
Version: 1.1
|
||||||
Release: 4%{?dist}
|
Release: 5%{?dist}
|
||||||
Summary: A lightweight PDF viewer and toolkit
|
Summary: A lightweight PDF viewer and toolkit
|
||||||
Group: Applications/Publishing
|
Group: Applications/Publishing
|
||||||
License: GPLv3
|
License: GPLv3
|
||||||
|
@ -9,6 +9,7 @@ Source0: http://mupdf.com/download/%{name}-%{version}-source.tar.gz
|
||||||
Source1: %{name}.desktop
|
Source1: %{name}.desktop
|
||||||
## http://bugs.ghostscript.com/show_bug.cgi?format=multiple&id=693010
|
## http://bugs.ghostscript.com/show_bug.cgi?format=multiple&id=693010
|
||||||
Patch0: %{name}-upstream.patch
|
Patch0: %{name}-upstream.patch
|
||||||
|
Patch1: %{name}-xps_fix.patch
|
||||||
BuildRequires: openjpeg-devel jbig2dec-devel desktop-file-utils
|
BuildRequires: openjpeg-devel jbig2dec-devel desktop-file-utils
|
||||||
BuildRequires: libjpeg-devel freetype-devel libXext-devel
|
BuildRequires: libjpeg-devel freetype-devel libXext-devel
|
||||||
|
|
||||||
|
@ -40,6 +41,7 @@ applications that use mupdf and static libraries
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{version}-source
|
%setup -q -n %{name}-%{version}-source
|
||||||
%patch0 -p1
|
%patch0 -p1
|
||||||
|
%patch1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
export CFLAGS="%{optflags}"
|
export CFLAGS="%{optflags}"
|
||||||
|
@ -87,6 +89,9 @@ update-desktop-database &> /dev/null || :
|
||||||
%{_libdir}/libfitz.a
|
%{_libdir}/libfitz.a
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jan 24 2014 Pavel Zhukov <landgraf@fedoraproject.org> - 1.1-5
|
||||||
|
- Fix stack overflow (#1056699)
|
||||||
|
|
||||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1-4
|
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.1-4
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||||
|
|
||||||
|
@ -108,34 +113,3 @@ update-desktop-database &> /dev/null || :
|
||||||
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9-2
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
* Wed Oct 27 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.9-1
|
|
||||||
- New release
|
|
||||||
|
|
||||||
* Tue May 03 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.8.165-2
|
|
||||||
- New upstream release
|
|
||||||
- Fix *.a and *.h permissions
|
|
||||||
|
|
||||||
* Sun Mar 27 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.8.15-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Tue Feb 9 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.7-7
|
|
||||||
- Fix dependency for F13
|
|
||||||
|
|
||||||
* Sun Feb 7 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.7-6
|
|
||||||
- roll back to static libraries patch for shared libs has been rejected
|
|
||||||
- Fix spec errors
|
|
||||||
|
|
||||||
* Fri Jan 14 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.7-4
|
|
||||||
- replac poitless macros to command names
|
|
||||||
|
|
||||||
* Fri Jan 14 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.7-3
|
|
||||||
- Create patch for optflags
|
|
||||||
- Change Summary
|
|
||||||
- Fix Require for devel package
|
|
||||||
|
|
||||||
* Thu Jan 13 2011 Pavel Zhukov <landgraf@fedoraproject.org> -0.7-2
|
|
||||||
- add Fedora CFLAGS
|
|
||||||
- create patch for use shared library
|
|
||||||
|
|
||||||
* Wed Jan 12 2011 Pavel Zhukov <landgraf@fedoraproject.org> - 0.7-1
|
|
||||||
- Initial package
|
|
||||||
|
|
Loading…
Reference in New Issue