http://cgit.freedesktop.org/poppler/poppler/commit/?id=c839b70609
CVE-2009-3607
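diff -pruN poppler-0.12.1.orig/glib/poppler-page.cc poppler-0.12.1/glib/poppler-page.cc
--- poppler-0.12.1.orig/glib/poppler-page.cc 2009-09-09 23:22:31.000000000 +0200
+++ poppler-0.12.1/glib/poppler-page.cc 2009-10-25 18:54:30.000000000 +0100
@@ -609,28 +609,28 @@ create_surface_from_thumbnail_data (guch
 gint rowstride)
 {
 guchar *cairo_pixels;
+ gint cairo_stride;
 cairo_surface_t *surface;
- static cairo_user_data_key_t key;
 int j;
 
- cairo_pixels = (guchar *)g_malloc (4 * width * height);
- surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels,
- CAIRO_FORMAT_RGB24,
- width, height, 4 * width);
- cairo_surface_set_user_data (surface, &key,
- cairo_pixels, (cairo_destroy_func_t)g_free);
+ surface = cairo_image_surface_create (CAIRO_FORMAT_RGB24, width, height);
+ if (cairo_surface_status (surface))
+ return NULL;
+
+ cairo_pixels = cairo_image_surface_get_data (surface);
+ cairo_stride = cairo_image_surface_get_stride (surface);
 
 for (j = height; j; j--) {
 guchar *p = data;
 guchar *q = cairo_pixels;
 guchar *end = p + 3 * width;
-
+
 while (p < end) {
 #if G_BYTE_ORDER == G_LITTLE_ENDIAN
 q[0] = p[2];
 q[1] = p[1];
 q[2] = p[0];
-#else
+#else
 q[1] = p[0];
 q[2] = p[1];
 q[3] = p[2];
@@ -640,7 +640,7 @@ create_surface_from_thumbnail_data (guch
 }
 
 data += rowstride;
- cairo_pixels += 4 * width;
+ cairo_pixels += cairo_stride;
 }
 
 return surface;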
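Review bot: The rows are written straight into the buffer returned by `cairo_image_surface_get_data (surface)`, but nothing between the end of the row loop and `return surface;` tells cairo that the contents changed; add `cairo_surface_mark_dirty (surface);` just before the return, and, per cairo's documented contract for direct pixel access, `cairo_surface_flush (surface);` before the first write. The added `return NULL;` after the `cairo_surface_status` check is a result this function did not produce before, so its callers, which are not visible in this patch, presumably need a NULL check before using the surface. A short comment above the status check would also record why the allocation moved, e.g. `/* let cairo validate width/height instead of the unchecked 4 * width * height */`. The start of the function and the lines between the two hunks are outside the diff, so the read side (`data`, `rowstride`) cannot be judged from here.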