import UBI poppler-21.01.0-24.el9_8.1

This commit is contained in:
AlmaLinux RelEng Bot 2026-06-10 08:01:29 -04:00
parent 41efb750a8
commit 6aef96ba2c
2 changed files with 46 additions and 1 deletions

View File

@ -0,0 +1,38 @@
From 678bed7fc23bc14eb5f3ff4dfbaa10f2b252cf21 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Thu, 21 May 2026 17:51:51 +0200
Subject: [PATCH] SplashOutputDev: Fix integer overflow in tilingPatternFill
Use checkedMultiply() to check integer multiplication of surface size
and number of repetitions to avoid integer overflow and possible memory issues.
Fixes: #1715
---
poppler/SplashOutputDev.cc | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
index 705aae25..f10d6538 100644
--- a/poppler/SplashOutputDev.cc
+++ b/poppler/SplashOutputDev.cc
@@ -4327,7 +4328,7 @@ bool SplashOutputDev::tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog * /*
matc[2] = ctm[2];
matc[3] = ctm[3];
- if (surface_width == 0 || surface_height == 0 || repeatX * repeatY <= 4) {
+ if (surface_width == 0 || surface_height == 0 || repeatX * repeatY <= 4 || checkedMultiply(surface_width, repeatX, &result_width) || checkedMultiply(surface_height, repeatY, &result_height)) {
state->setCTM(savedCTM[0], savedCTM[1], savedCTM[2], savedCTM[3], savedCTM[4], savedCTM[5]);
return false;
}
@@ -4349,8 +4350,6 @@ bool SplashOutputDev::tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog * /*
kx = matc[0];
ky = matc[3] - (matc[1] * matc[2]) / matc[0];
}
- result_width = surface_width * repeatX;
- result_height = surface_height * repeatY;
kx = result_width / (fabs(kx) + 1);
ky = result_height / (fabs(ky) + 1);
state->concatCTM(kx, 0, 0, ky, 0, 0);
--
2.54.0

View File

@ -3,7 +3,7 @@
Summary: PDF rendering library
Name: poppler
Version: 21.01.0
Release: 24%{?dist}
Release: 24%{?dist}.1
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -60,6 +60,9 @@ Patch15: poppler-21.01.0-check-bitmap-in-combine.patch
# https://issues.redhat.com/browse/RHEL-126070
Patch16: poppler-21.01.0-fix-pdfsig-man-page.patch
# https://issues.redhat.com/browse/RHEL-180580
Patch17: poppler-21.01.0-tilingPatternFill-overflow.patch
BuildRequires: make
BuildRequires: cmake
BuildRequires: gcc-c++
@ -253,6 +256,10 @@ test "$(pkg-config --modversion poppler-qt5)" = "%{version}"
%{_mandir}/man1/*
%changelog
* Sun May 31 2026 Marek Kasik <mkasik@redhat.com> - 21.01.0-24.el9_8.1
- Fix integer overflow in tilingPatternFill (CVE-2026-10118)
- Resolves: RHEL-180580
* Mon Dec 22 2025 Marek Kasik <mkasik@redhat.com> - 21.01.0-24
- Fix pdfsig's man page
- Resolves: RHEL-126070