import UBI poppler-21.01.0-24.el9_8.1
This commit is contained in:
parent
41efb750a8
commit
6aef96ba2c
38
SOURCES/poppler-21.01.0-tilingPatternFill-overflow.patch
Normal file
38
SOURCES/poppler-21.01.0-tilingPatternFill-overflow.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From 678bed7fc23bc14eb5f3ff4dfbaa10f2b252cf21 Mon Sep 17 00:00:00 2001
|
||||
From: Marek Kasik <mkasik@redhat.com>
|
||||
Date: Thu, 21 May 2026 17:51:51 +0200
|
||||
Subject: [PATCH] SplashOutputDev: Fix integer overflow in tilingPatternFill
|
||||
|
||||
Use checkedMultiply() to check integer multiplication of surface size
|
||||
and number of repetitions to avoid integer overflow and possible memory issues.
|
||||
|
||||
Fixes: #1715
|
||||
---
|
||||
poppler/SplashOutputDev.cc | 5 ++---
|
||||
1 file changed, 2 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
|
||||
index 705aae25..f10d6538 100644
|
||||
--- a/poppler/SplashOutputDev.cc
|
||||
+++ b/poppler/SplashOutputDev.cc
|
||||
@@ -4327,7 +4328,7 @@ bool SplashOutputDev::tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog * /*
|
||||
matc[2] = ctm[2];
|
||||
matc[3] = ctm[3];
|
||||
|
||||
- if (surface_width == 0 || surface_height == 0 || repeatX * repeatY <= 4) {
|
||||
+ if (surface_width == 0 || surface_height == 0 || repeatX * repeatY <= 4 || checkedMultiply(surface_width, repeatX, &result_width) || checkedMultiply(surface_height, repeatY, &result_height)) {
|
||||
state->setCTM(savedCTM[0], savedCTM[1], savedCTM[2], savedCTM[3], savedCTM[4], savedCTM[5]);
|
||||
return false;
|
||||
}
|
||||
@@ -4349,8 +4350,6 @@ bool SplashOutputDev::tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog * /*
|
||||
kx = matc[0];
|
||||
ky = matc[3] - (matc[1] * matc[2]) / matc[0];
|
||||
}
|
||||
- result_width = surface_width * repeatX;
|
||||
- result_height = surface_height * repeatY;
|
||||
kx = result_width / (fabs(kx) + 1);
|
||||
ky = result_height / (fabs(ky) + 1);
|
||||
state->concatCTM(kx, 0, 0, ky, 0, 0);
|
||||
--
|
||||
2.54.0
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
Summary: PDF rendering library
|
||||
Name: poppler
|
||||
Version: 21.01.0
|
||||
Release: 24%{?dist}
|
||||
Release: 24%{?dist}.1
|
||||
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
|
||||
URL: http://poppler.freedesktop.org/
|
||||
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
|
||||
@ -60,6 +60,9 @@ Patch15: poppler-21.01.0-check-bitmap-in-combine.patch
|
||||
# https://issues.redhat.com/browse/RHEL-126070
|
||||
Patch16: poppler-21.01.0-fix-pdfsig-man-page.patch
|
||||
|
||||
# https://issues.redhat.com/browse/RHEL-180580
|
||||
Patch17: poppler-21.01.0-tilingPatternFill-overflow.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gcc-c++
|
||||
@ -253,6 +256,10 @@ test "$(pkg-config --modversion poppler-qt5)" = "%{version}"
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Sun May 31 2026 Marek Kasik <mkasik@redhat.com> - 21.01.0-24.el9_8.1
|
||||
- Fix integer overflow in tilingPatternFill (CVE-2026-10118)
|
||||
- Resolves: RHEL-180580
|
||||
|
||||
* Mon Dec 22 2025 Marek Kasik <mkasik@redhat.com> - 21.01.0-24
|
||||
- Fix pdfsig's man page
|
||||
- Resolves: RHEL-126070
|
||||
|
||||
Loading…
Reference in New Issue
Block a user