Marek Kasik
parent
856eb80a47
commit
59361ebf61
41
poppler-0.73.0-jpeg2000-component-size.patch
Normal file
41
poppler-0.73.0-jpeg2000-component-size.patch
Normal file
@ -0,0 +1,41 @@
|
||||
From 89a5367d49b2556a2635dbb6d48d6a6b182a2c6c Mon Sep 17 00:00:00 2001
|
||||
From: Albert Astals Cid <aacid@kde.org>
|
||||
Date: Thu, 23 May 2019 00:54:29 +0200
|
||||
Subject: [PATCH] JPEG2000Stream: fail gracefully if not all components have
|
||||
the same WxH
|
||||
|
||||
I think this is just a mistake, or at least the only file we have with
|
||||
this scenario is a fuzzed one
|
||||
---
|
||||
poppler/JPEG2000Stream.cc | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
|
||||
index 15bbcae4..0eea3a2d 100644
|
||||
--- a/poppler/JPEG2000Stream.cc
|
||||
+++ b/poppler/JPEG2000Stream.cc
|
||||
@@ -4,7 +4,7 @@
|
||||
//
|
||||
// A JPX stream decoder using OpenJPEG
|
||||
//
|
||||
-// Copyright 2008-2010, 2012, 2017, 2018 Albert Astals Cid <aacid@kde.org>
|
||||
+// Copyright 2008-2010, 2012, 2017-2019 Albert Astals Cid <aacid@kde.org>
|
||||
// Copyright 2011 Daniel Glöckner <daniel-gl@gmx.net>
|
||||
// Copyright 2014, 2016 Thomas Freitag <Thomas.Freitag@alfa.de>
|
||||
// Copyright 2013, 2014 Adrian Johnson <ajohnson@redneon.com>
|
||||
@@ -253,6 +253,12 @@ void JPXStream::init()
|
||||
close();
|
||||
break;
|
||||
}
|
||||
+ const int componentPixels = priv->image->comps[component].w * priv->image->comps[component].h;
|
||||
+ if (componentPixels != priv->npixels) {
|
||||
+ error(errSyntaxWarning, -1, "Component {0:d} has different WxH than component 0", component);
|
||||
+ close();
|
||||
+ break;
|
||||
+ }
|
||||
unsigned char *cdata = (unsigned char *)priv->image->comps[component].data;
|
||||
int adjust = 0;
|
||||
int depth = priv->image->comps[component].prec;
|
||||
--
|
||||
2.21.0
|
||||
|
||||
10
poppler.spec
10
poppler.spec
@ -4,7 +4,7 @@
|
||||
Summary: PDF rendering library
|
||||
Name: poppler
|
||||
Version: 0.73.0
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
|
||||
URL: http://poppler.freedesktop.org/
|
||||
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
|
||||
@ -41,6 +41,9 @@ Patch13: poppler-0.73.0-rescale-filter.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1699862
|
||||
Patch14: poppler-0.73.0-scan-fonts.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1713582
|
||||
Patch15: poppler-0.73.0-jpeg2000-component-size.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: gettext-devel
|
||||
@ -271,6 +274,11 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Wed May 29 2019 Marek Kasik <mkasik@redhat.com> - 0.73.0-10
|
||||
- Fail gracefully if not all components of JPEG2000Stream
|
||||
- have the same size
|
||||
- Resolves: #1713585
|
||||
|
||||
* Wed Apr 17 2019 Marek Kasik <mkasik@redhat.com> - 0.73.0-9
|
||||
- Fix infinite loop in broken files
|
||||
- Resolves: #1699863
|
||||
|
||||
Loading…
Reference in New Issue
Block a user