Fix crash on broken file

Resolves: #1696640
Marek Kasik 2019-05-30 16:33:33 +02:00
parent bf9d454415
commit f02fcd25bb
2 changed files with 33 additions and 1 deletions


@ -0,0 +1,25 @@
From 8dbe2e6c480405dab9347075cf4be626f90f1d05 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 3 Apr 2019 18:02:42 +0200
Subject: SplashXPathScanner::clipAALine: Fix crash on broken file
Make sure the index of allIntersections we access is valid
Fixes #748
diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc
index 8362a6a5..23b4f7c4 100644
--- a/splash/SplashXPathScanner.cc
+++ b/splash/SplashXPathScanner.cc
@@ -452,7 +452,10 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBuf,
for (yy = 0; yy < splashAASize; ++yy) {
xx = *x0 * splashAASize;
if (yy >= yyMin && yy <= yyMax) {
- const auto& line = allIntersections[splashAASize * y + yy - yMin];
+ const int intersectionIndex = splashAASize * y + yy - yMin;
+ if (unlikely(intersectionIndex < 0 || (unsigned)intersectionIndex >= allIntersections.size()))
+ break;
+ const auto& line = allIntersections[intersectionIndex];
interIdx = 0;
interCount = 0;
while (interIdx < line.size() && xx < (*x1 + 1) * splashAASize) {
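Review bot: The `break` in the new bounds check abandons every remaining `yy` sub-row, which is right when `intersectionIndex` is past `allIntersections.size()` (the index only grows with `yy`) but not when it is negative, where a later `yy` can still land in range; consider `continue` for the `intersectionIndex < 0` case, or clamp `yyMin` before the loop. The `(unsigned)` cast is compared against the container's `size()`; once the sign check has passed, casting to `size_t` would match that type. A one-line comment stating that the guard exists for malformed input would also help, because it tolerates a mismatch between `yyMin`/`yyMax` and the size of `allIntersections` rather than correcting it.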


@ -4,7 +4,7 @@
Summary: PDF rendering library
Name: poppler
Version: 0.73.0
Release: 11%{?dist}
Release: 12%{?dist}
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -47,6 +47,9 @@ Patch15: poppler-0.73.0-jpeg2000-component-size.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1696638
Patch16: poppler-0.73.0-overlapping-boxes.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1696637
Patch17: poppler-0.73.0-clip-aa-line.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: gettext-devel
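Review bot: `Patch17` is declared here, but none of the spec hunks in this commit adds a matching apply step in `%prep`. Confirm that the spec applies patches automatically (for example through `%autosetup`); if it uses explicit `%patchN` lines, the new bounds check never reaches the built package even though the Release and changelog say it does.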
@ -277,6 +280,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
%{_mandir}/man1/*
%changelog
* Thu May 30 2019 Marek Kasik <mkasik@redhat.com> - 0.73.0-12
- SplashXPathScanner::clipAALine: Fix crash on broken file
- Resolves: #1696640
* Thu May 30 2019 Marek Kasik <mkasik@redhat.com> - 0.73.0-11
- Restrict filling of overlapping boxes in Splash
- Resolves: #1696640
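Review bot: The `Resolves: #1696640` line in the new 0.73.0-12 entry does not match the Bugzilla id in the comment above `Patch17` (1696637), and it repeats the id already used by the 0.73.0-11 entry for a different fix. Check which bug this change belongs to and make the `Patch17` comment, the changelog entry and the commit message agree, so the fix can be traced from the bug tracker to the package.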