summaryrefslogtreecommitdiff
path: root/user/atril/CVE-2019-1010006.patch
diff options
context:
space:
mode:
authorA. Wilcox <awilcox@wilcox-tech.com>2019-09-28 16:42:22 +0000
committerA. Wilcox <awilcox@wilcox-tech.com>2019-09-28 16:42:22 +0000
commit78267424e8c6115d0bf4ab46356f0474608f4ef4 (patch)
tree9e48f02c5d1050d29a05b4301dc55ce3965eef14 /user/atril/CVE-2019-1010006.patch
parentb6f94882152d13b024f7b547a766d825e2a4589a (diff)
parent915860fbb6b95634ce381443aa9d15d88d0819e3 (diff)
downloadpackages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.gz
packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.bz2
packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.tar.xz
packages-78267424e8c6115d0bf4ab46356f0474608f4ef4.zip
Merge branch 'poopler' into 'master'
Bump poppler* and rebuild some of its dependencies See merge request adelie/packages!333
Diffstat (limited to 'user/atril/CVE-2019-1010006.patch')
-rw-r--r--user/atril/CVE-2019-1010006.patch40
1 files changed, 19 insertions, 21 deletions
diff --git a/user/atril/CVE-2019-1010006.patch b/user/atril/CVE-2019-1010006.patch
index ce107d193..913e40312 100644
--- a/user/atril/CVE-2019-1010006.patch
+++ b/user/atril/CVE-2019-1010006.patch
@@ -1,22 +1,18 @@
-From e02fe9170ad0ac2fd46c75329c4f1d4502d4a362 Mon Sep 17 00:00:00 2001
-From: Jason Crain <jcrain@src.gnome.org>
-Date: Sat, 2 Dec 2017 20:24:33 -0600
-Subject: [PATCH] Fix overflow checks in tiff backend
+From aa8c51c24a3d716986ace9a4104a9632436ccff5 Mon Sep 17 00:00:00 2001
+From: lukefromdc <lukefromdc@hushmail.com>
+Date: Sat, 27 Jul 2019 15:07:13 -0400
+Subject: [PATCH] Fix buffer overflow in backend/tiff-document.c
-The overflow checks in tiff_document_render and
-tiff_document_get_thumbnail don't work when optimizations are enabled.
-Change the checks so they don't rely on undefined behavior.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=788980
+ Apply https://gitlab.gnome.org/GNOME/evince/commit/e02fe9170ad0ac2fd46c75329c4f1d4502d4a362
---
- backend/tiff/tiff-document.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
+ backend/tiff/tiff-document.c | 17 ++++++++++-------
+ 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
-index 8f40934e..7bf95c2b 100644
+index 0aa31cb6..94adc400 100644
--- a/backend/tiff/tiff-document.c
+++ b/backend/tiff/tiff-document.c
-@@ -284,12 +284,12 @@ tiff_document_render (EvDocument *document,
+@@ -268,13 +268,14 @@ tiff_document_render (EvDocument *document,
return NULL;
}
@@ -27,11 +23,13 @@ index 8f40934e..7bf95c2b 100644
/* overflow */
return NULL;
}
-+ bytes = height * rowstride;
++ bytes = height * rowstride;
++
pixels = g_try_malloc (bytes);
if (!pixels) {
-@@ -374,15 +374,15 @@ tiff_document_get_thumbnail (EvDocument *document,
+ g_warning("Failed to allocate memory for rendering.");
+@@ -356,15 +357,17 @@ tiff_document_render_pixbuf (EvDocument *document,
if (width <= 0 || height <= 0)
return NULL;
@@ -40,17 +38,17 @@ index 8f40934e..7bf95c2b 100644
+ if (width >= INT_MAX / 4)
/* overflow */
return NULL;
-+ rowstride = width * 4;
- bytes = height * rowstride;
- if (bytes / rowstride != height)
++ rowstride = width * 4;
++
+ if (height >= INT_MAX / rowstride)
/* overflow */
- return NULL;
-+ bytes = height * rowstride;
+- return NULL;
++ return NULL;
++
++ bytes = height * rowstride;
pixels = g_try_malloc (bytes);
if (!pixels)
---
-2.21.0
-