Marek Kasik
parent
14cc1bea59
commit
883f62335c
48
poppler-20.11.0-pdfunite-broken-document.patch
Normal file
48
poppler-20.11.0-pdfunite-broken-document.patch
Normal file
@ -0,0 +1,48 @@
|
||||
From efb68686784f0c58668b7ced990fd173e09346db Mon Sep 17 00:00:00 2001
|
||||
From: Albert Astals Cid <aacid@kde.org>
|
||||
Date: Thu, 18 Aug 2022 23:41:24 +0200
|
||||
Subject: pdfunite: Don't crash in broken documents
|
||||
|
||||
|
||||
diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
|
||||
index 86e75555..a154f40d 100644
|
||||
--- a/utils/pdfunite.cc
|
||||
+++ b/utils/pdfunite.cc
|
||||
@@ -106,16 +106,21 @@ static void doMergeNameDict(PDFDoc *doc, XRef *srcXRef, XRef *countRef, int oldR
|
||||
}
|
||||
}
|
||||
|
||||
-static void doMergeFormDict(Dict *srcFormDict, Dict *mergeFormDict, int numOffset)
|
||||
+static bool doMergeFormDict(Dict *srcFormDict, Dict *mergeFormDict, int numOffset)
|
||||
{
|
||||
Object srcFields = srcFormDict->lookup("Fields");
|
||||
Object mergeFields = mergeFormDict->lookup("Fields");
|
||||
if (srcFields.isArray() && mergeFields.isArray()) {
|
||||
for (int i = 0; i < mergeFields.arrayGetLength(); i++) {
|
||||
const Object &value = mergeFields.arrayGetNF(i);
|
||||
+ if (!value.isRef()) {
|
||||
+ error(errSyntaxError, -1, "Fields object is not a Ref.");
|
||||
+ return false;
|
||||
+ }
|
||||
srcFields.arrayAdd(Object({ value.getRef().num + numOffset, value.getRef().gen }));
|
||||
}
|
||||
}
|
||||
+ return true;
|
||||
}
|
||||
|
||||
///////////////////////////////////////////////////////////////////////////
|
||||
@@ -332,7 +337,13 @@ int main(int argc, char *argv[])
|
||||
if (afObj.isNull()) {
|
||||
afObj = pageCatDict->lookupNF("AcroForm").copy();
|
||||
} else if (afObj.isDict()) {
|
||||
- doMergeFormDict(afObj.getDict(), pageForm.getDict(), numOffset);
|
||||
+ if (!doMergeFormDict(afObj.getDict(), pageForm.getDict(), numOffset)) {
|
||||
+ fclose(f);
|
||||
+ delete yRef;
|
||||
+ delete countRef;
|
||||
+ delete outStr;
|
||||
+ return -1;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
objectsCount += docs[i]->writePageObjects(outStr, yRef, numOffset, true);
|
||||
@ -4,7 +4,7 @@
|
||||
Summary: PDF rendering library
|
||||
Name: poppler
|
||||
Version: 20.11.0
|
||||
Release: 6%{?dist}
|
||||
Release: 7%{?dist}
|
||||
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
|
||||
URL: http://poppler.freedesktop.org/
|
||||
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
|
||||
@ -33,6 +33,9 @@ Patch24: poppler-20.11.0-hints.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2124527
|
||||
Patch25: poppler-20.11.0-jbig-symbol-overflow.patch
|
||||
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2189815
|
||||
Patch26: poppler-20.11.0-pdfunite-broken-document.patch
|
||||
|
||||
BuildRequires: cmake
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: pkgconfig(cairo)
|
||||
@ -237,6 +240,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
|
||||
%{_mandir}/man1/*
|
||||
|
||||
%changelog
|
||||
* Fri Jun 9 2023 Marek Kasik <mkasik@redhat.com> - 20.11.0-7
|
||||
- Don't crash in broken documents
|
||||
- Resolves: #2189844
|
||||
|
||||
* Tue Sep 20 2022 Marek Kasik <mkasik@redhat.com> - 20.11.0-6
|
||||
- Check for overflow when computing number of symbols
|
||||
- in JBIG2 text region
|
||||
|
||||
Loading…
Reference in New Issue
Block a user