packages/poppler
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-38784

Browse Source 
(cherry picked from commit 50b19e39852bbb1373e762c39161038b8719d978)
This commit is contained in:
zhouwenpei 2022-09-06 20:23:49 +08:00 committed by openeuler-sync-bot
parent 0948379c29
commit dbdbcc6cc7
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backport-CVE-2022-38784.patch Normal file
View File

@ -0,0 +1,32 @@
From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Thu, 25 Aug 2022 00:14:22 +0200
Subject: [PATCH] JBIG2Stream: Fix crash on broken file
https://github.com/jeffssh/CVE-2021-30860
Thanks to David Warren for the heads up
---
poppler/JBIG2Stream.cc | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index a861da2..0bd8305 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -2099,7 +2099,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm,
for (i = 0; i < nRefSegs; ++i) {
if ((seg = findSegment(refSegs[i]))) {
if (seg->getType() == jbig2SegSymbolDict) {
- numSyms += ((JBIG2SymbolDict *)seg)->getSize();
+ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize();
+ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) {
+ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region");
+ return;
+ }
} else if (seg->getType() == jbig2SegCodeTable) {
codeTables->push_back(seg);
}
--
1.8.3.1

7
poppler.spec
View File

@ -4,7 +4,7 @@
Summary: PDF rendering library Summary: PDF rendering library
Name: poppler Name: poppler
Version: 0.90.0 Version: 0.90.0
Release: 2 Release: 3
License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT License: (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/ URL: http://poppler.freedesktop.org/
Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz Source0: http://poppler.freedesktop.org/poppler-%{version}.tar.xz
@ -15,6 +15,8 @@ Patch5: poppler-0.84.0-MacroPushRequiredVars.patch
Patch7: poppler-0.90.0-position-independent-code.patch Patch7: poppler-0.90.0-position-independent-code.patch
Patch8: %{name}-gcc11.patch Patch8: %{name}-gcc11.patch
Patch6001: backport-CVE-2022-38784.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gettext-devel BuildRequires: gettext-devel
@ -232,6 +234,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Tue Sep 06 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 0.90.0-3
- fix CVE-2022-38784
* Tue Jan 18 2022 xu_ping <xuping33@huawei.com> - 0.90.0-2 * Tue Jan 18 2022 xu_ping <xuping33@huawei.com> - 0.90.0-2
- Add BuildRequires openjpeg2-tools to fix "/usr/bin/opj2_decompress" not found - Add BuildRequires openjpeg2-tools to fix "/usr/bin/opj2_decompress" not found