diff --git a/poppler-20.11.0-pdfunite-broken-document.patch b/poppler-20.11.0-pdfunite-broken-document.patch new file mode 100644 index 0000000..11e4004 --- /dev/null +++ b/poppler-20.11.0-pdfunite-broken-document.patch @@ -0,0 +1,48 @@ +From efb68686784f0c58668b7ced990fd173e09346db Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid +Date: Thu, 18 Aug 2022 23:41:24 +0200 +Subject: pdfunite: Don't crash in broken documents + + +diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc +index 86e75555..a154f40d 100644 +--- a/utils/pdfunite.cc ++++ b/utils/pdfunite.cc +@@ -106,16 +106,21 @@ static void doMergeNameDict(PDFDoc *doc, XRef *srcXRef, XRef *countRef, int oldR + } + } + +-static void doMergeFormDict(Dict *srcFormDict, Dict *mergeFormDict, int numOffset) ++static bool doMergeFormDict(Dict *srcFormDict, Dict *mergeFormDict, int numOffset) + { + Object srcFields = srcFormDict->lookup("Fields"); + Object mergeFields = mergeFormDict->lookup("Fields"); + if (srcFields.isArray() && mergeFields.isArray()) { + for (int i = 0; i < mergeFields.arrayGetLength(); i++) { + const Object &value = mergeFields.arrayGetNF(i); ++ if (!value.isRef()) { ++ error(errSyntaxError, -1, "Fields object is not a Ref."); ++ return false; ++ } + srcFields.arrayAdd(Object({ value.getRef().num + numOffset, value.getRef().gen })); + } + } ++ return true; + } + + /////////////////////////////////////////////////////////////////////////// +@@ -332,7 +337,13 @@ int main(int argc, char *argv[]) + if (afObj.isNull()) { + afObj = pageCatDict->lookupNF("AcroForm").copy(); + } else if (afObj.isDict()) { +- doMergeFormDict(afObj.getDict(), pageForm.getDict(), numOffset); ++ if (!doMergeFormDict(afObj.getDict(), pageForm.getDict(), numOffset)) { ++ fclose(f); ++ delete yRef; ++ delete countRef; ++ delete outStr; ++ return -1; ++ } + } + } + objectsCount += docs[i]->writePageObjects(outStr, yRef, numOffset, true); diff --git a/poppler.spec b/poppler.spec index f371dcc..0b0623f 100644 --- a/poppler.spec +++ b/poppler.spec @@ -4,7 +4,7 @@ Summary: PDF rendering library Name: poppler Version: 20.11.0 -Release: 6%{?dist} +Release: 7%{?dist} License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT URL: http://poppler.freedesktop.org/ Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz @@ -33,6 +33,9 @@ Patch24: poppler-20.11.0-hints.patch # https://bugzilla.redhat.com/show_bug.cgi?id=2124527 Patch25: poppler-20.11.0-jbig-symbol-overflow.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=2189815 +Patch26: poppler-20.11.0-pdfunite-broken-document.patch + BuildRequires: cmake BuildRequires: gettext-devel BuildRequires: pkgconfig(cairo) @@ -237,6 +240,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}" %{_mandir}/man1/* %changelog +* Fri Jun 9 2023 Marek Kasik - 20.11.0-7 +- Don't crash in broken documents +- Resolves: #2189844 + * Tue Sep 20 2022 Marek Kasik - 20.11.0-6 - Check for overflow when computing number of symbols - in JBIG2 text region