From f02fcd25bbcbd8ee80e85a9a3a6b68bedd76367a Mon Sep 17 00:00:00 2001
From: Marek Kasik
Date: Thu, 30 May 2019 16:33:33 +0200
Subject: [PATCH] Fix crash on broken file Resolves: #1696640
---
 poppler-0.73.0-clip-aa-line.patch | 25 +++++++++++++++++++++++++
 poppler.spec | 9 ++++++++-
 2 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 poppler-0.73.0-clip-aa-line.patch
diff --git a/poppler-0.73.0-clip-aa-line.patch b/poppler-0.73.0-clip-aa-line.patch
new file mode 100644
index 0000000..2894567
--- /dev/null
+++ b/poppler-0.73.0-clip-aa-line.patch
@@ -0,0 +1,25 @@
+From 8dbe2e6c480405dab9347075cf4be626f90f1d05 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Wed, 3 Apr 2019 18:02:42 +0200
+Subject: SplashXPathScanner::clipAALine: Fix crash on broken file
+
+Make sure the index of allIntersections we access is valid
+
+Fixes #748
+
+diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc
+index 8362a6a5..23b4f7c4 100644
+--- a/splash/SplashXPathScanner.cc
++++ b/splash/SplashXPathScanner.cc
+@@ -452,7 +452,10 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBuf,
+ for (yy = 0; yy < splashAASize; ++yy) {
+ xx = *x0 * splashAASize;
+ if (yy >= yyMin && yy <= yyMax) {
+- const auto& line = allIntersections[splashAASize * y + yy - yMin];
++ const int intersectionIndex = splashAASize * y + yy - yMin;
++ if (unlikely(intersectionIndex < 0 || (unsigned)intersectionIndex >= allIntersections.size()))
++ break;
++ const auto& line = allIntersections[intersectionIndex];
+ interIdx = 0;
+ interCount = 0;
+ while (interIdx < line.size() && xx < (*x1 + 1) * splashAASize) {
diff --git a/poppler.spec b/poppler.spec
index 75a31f2..c4c32a8 100644
--- a/poppler.spec
+++ b/poppler.spec
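Review bot: The backported guard in `clipAALine` checks `intersectionIndex` only after `splashAASize * y + yy - yMin` has already been evaluated as `int`, so if `y` or `yMin` can reach extreme values on a malformed file the arithmetic itself could overflow before the range test runs; their ranges are set outside the hunk, so this is something to confirm rather than a demonstrated fault. Computing the index in a wider type would remove the question: `const long long intersectionIndex = (long long)splashAASize * y + yy - yMin;` with the comparison written as `(size_t)intersectionIndex >= allIntersections.size()`. The `break` also abandons every remaining `yy` sub-row rather than only the invalid one, which deserves a comment such as `// index outside allIntersections (malformed input): stop processing this AA line`. The function starts and ends outside the hunk, so what runs after the loop on this early exit is not visible here.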
@@ -4,7 +4,7 @@
 Summary: PDF rendering library
 Name: poppler
 Version: 0.73.0
-Release: 11%{?dist}
+Release: 12%{?dist}
 License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL: http://poppler.freedesktop.org/
 Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@@ -47,6 +47,9 @@ Patch15: poppler-0.73.0-jpeg2000-component-size.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=1696638
 Patch16: poppler-0.73.0-overlapping-boxes.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=1696637
+Patch17: poppler-0.73.0-clip-aa-line.patch
+
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: gettext-devel
@@ -277,6 +280,10 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*
 %changelog
+* Thu May 30 2019 Marek Kasik - 0.73.0-12
+- SplashXPathScanner::clipAALine: Fix crash on broken file
+- Resolves: #1696640
+
 * Thu May 30 2019 Marek Kasik - 0.73.0-11
 - Restrict filling of overlapping boxes in Splash
 - Resolves: #1696640
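Review bot: No `%patch17` line is added anywhere in this diff, so the new `Patch17:` entry takes effect only if `%prep` (outside these hunks) applies patches automatically, for instance with `%autosetup` or `%autopatch`; if patches are applied one by one there, release 12 would build without the clipAALine bounds check. Confirm this in `%prep` and add the matching `%patch17` line next to the existing ones if needed. The bug references are also inconsistent: the comment above `Patch17:` cites bug 1696637 while the changelog entry says `Resolves: #1696640`, the same number as the 0.73.0-11 entry, so stating which is the tracker and which the per-issue bug would help anyone auditing whether this fix shipped.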