Marek Kasik
parent
3ce9aadbf0
commit
50de5fa2e0
|
|
@ -0,0 +1,48 @@
|
|||
From efb68686784f0c58668b7ced990fd173e09346db Mon Sep 17 00:00:00 2001
|
||||
From: Albert Astals Cid <aacid@kde.org>
|
||||
Date: Thu, 18 Aug 2022 23:41:24 +0200
|
||||
Subject: pdfunite: Don't crash in broken documents
|
||||
|
||||
|
||||
diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
|
||||
index 86e75555..a154f40d 100644
|
||||
--- a/utils/pdfunite.cc
|
||||
+++ b/utils/pdfunite.cc
|
||||
@@ -106,16 +106,21 @@ static void doMergeNameDict(PDFDoc *doc, XRef *srcXRef, XRef *countRef, int oldR
|
||||
}
|
||||
}
|
||||
|
||||
-static void doMergeFormDict(Dict *srcFormDict, Dict *mergeFormDict, int numOffset)
|
||||
+static bool doMergeFormDict(Dict *srcFormDict, Dict *mergeFormDict, int numOffset)
|
||||
{
|
||||
Object srcFields = srcFormDict->lookup("Fields");
|
||||
Object mergeFields = mergeFormDict->lookup("Fields");
|
||||
if (srcFields.isArray() && mergeFields.isArray()) {
|
||||
for (int i = 0; i < mergeFields.arrayGetLength(); i++) {
|
||||
const Object &value = mergeFields.arrayGetNF(i);
|
||||
+ if (!value.isRef()) {
|
||||
+ error(errSyntaxError, -1, "Fields object is not a Ref.");
|
||||
+ return false;
|
||||
+ }
|
||||
srcFields.arrayAdd(Object({ value.getRef().num + numOffset, value.getRef().gen }));
|
||||
}
|
||||
}
|
||||
+ return true;
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
@@ -332,7 +337,13 @@ int main(int argc, char *argv[])
|
||||
if (afObj.isNull()) {
|
||||
afObj = pageCatDict->lookupNF("AcroForm").copy();
|
||||
} else if (afObj.isDict()) {
|
||||
- doMergeFormDict(afObj.getDict(), pageForm.getDict(), numOffset);
|
||||
+ if (!doMergeFormDict(afObj.getDict(), pageForm.getDict(), numOffset)) {
|
||||
+ fclose(f);
|
||||
+ delete yRef;
|
||||
+ delete countRef;
|
||||
+ delete outStr;
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
objectsCount += docs[i]->writePageObjects(outStr, yRef, numOffset, true);
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
Summary: PDF rendering library
|
||||
Name: poppler
|
||||
Version: 21.01.0
|
||||
Release: 14%{?dist}
|
||||
Release: 15%{?dist}
|
||||
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
|
||||
URL: http://poppler.freedesktop.org/
|
||||
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
|
||||
|
|
@ -35,6 +35,9 @@ Patch7: poppler-21.01.0-hints.patch
|
|||
# https://bugzilla.redhat.com/show_bug.cgi?id=2124527
|
||||
Patch8: poppler-21.01.0-jbig-symbol-overflow.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2189815
|
||||
Patch9: poppler-21.01.0-pdfunite-broken-document.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
|
|
@ -228,6 +231,10 @@ test "$(pkg-config --modversion poppler-qt5)" = "%{version}"
|
|||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Fri Jun 9 2023 Marek Kasik <mkasik@redhat.com> - 21.01.0-15
|
||||
- Don't crash in broken documents
|
||||
- Resolves: #2189848
|
||||
|
||||
* Mon Sep 26 2022 Marek Kasik <mkasik@redhat.com> - 21.01.0-14
|
||||
- Check for overflow when computing number of symbols
|
||||
- in JBIG2 text region
|
||||
|
|
|
|||
Loading…
Reference in New Issue