openEuler:Mainline
poppler
Changes of Revision 2
_service:tar_scm:poppler.spec
Changed
@@ -4,7 +4,7 @@ Name: poppler Version: 22.01.0 -Release: 1 +Release: 3 Summary: PDF rendering library License: GPLv2+ and LGPLv2+ and MIT URL: http://poppler.freedesktop.org/ @@ -13,6 +13,9 @@ Patch1: poppler-0.90.0-position-independent-code.patch Patch3: poppler-21.01.0-glib-introspection.patch +Patch4: CVE-2022-38784.patch + +patch6000: backport-CVE-2022-27337.patch BuildRequires: make BuildRequires: cmake @@ -248,6 +251,19 @@ %{_mandir}/man1/* %changelog +* Tue Mar 14 2023 zhangpan <zhangpan103@h-partners.com> - 22.01.0-3 +- Type:CVE +- CVE:CVE-2022-27337 +- SUG:NA +- DESC:fix CVE-2022-27337 + +* Tue Sep 06 2022 qz_cx <wangqingzheng@kylinos.cn> - 22.01.0-2 +- Type:CVE +- CVE:CVE-2022-38784 +- SUG:NA +- DESC: fix CVE-2022-38784 +- fix CVE-2022-38784 + * Mon Jun 13 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 22.01.0-1 - Update to 22.01.0
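Review bot: in the patch-list hunk the two new tags are declared inconsistently (`Patch4:` versus lowercase `patch6000:`, separated by a blank line), and none of the three hunks in this spec diff touches %prep. Use one capitalisation and numbering scheme for both CVE patches, and confirm that %prep applies them (through %autosetup/%autopatch or matching %patch lines); otherwise Release 3 would list the CVE fixes in the changelog without building them in.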
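Review bot: in the %changelog hunk the 22.01.0-2 entry states the fix twice (`- DESC: fix CVE-2022-38784` followed by `- fix CVE-2022-38784`) and spaces `DESC:` differently from the 22.01.0-3 entry. Drop the duplicate line and write `- DESC:fix CVE-2022-38784` so both entries follow the same Type/CVE/SUG/DESC template.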
_service:tar_scm:CVE-2022-38784.patch
Added
@@ -0,0 +1,29 @@ +From d8efdc261ea40e3b3af82ed1d9bc7bcdafa36d67 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid @tsdgeos +Date: Tue, 6 Sep 2022 14:35:28 +0800 +Subject: PATCH JBIG2Stream: Fix crash on broken file + +--- + poppler/JBIG2Stream.cc | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc +index 9eddaa6..cb5cf2c 100644 +--- a/poppler/JBIG2Stream.cc ++++ b/poppler/JBIG2Stream.cc +@@ -1968,7 +1968,11 @@ void JBIG2Stream::readTextRegionSeg(unsigned int segNum, bool imm, bool lossless + for (i = 0; i < nRefSegs; ++i) { + if ((seg = findSegment(refSegsi))) { + if (seg->getType() == jbig2SegSymbolDict) { +- numSyms += ((JBIG2SymbolDict *)seg)->getSize(); ++ const unsigned int segSize = ((JBIG2SymbolDict *)seg)->getSize(); ++ if (unlikely(checkedAdd(numSyms, segSize, &numSyms))) { ++ error(errSyntaxError, getPos(), "Too many symbols in JBIG2 text region"); ++ return; ++ } + } else if (seg->getType() == jbig2SegCodeTable) { + codeTables.push_back(seg); + } +-- +2.33.0 +
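Review bot: the patch header gives no upstream provenance for the `readTextRegionSeg` change: there is no `Reference:` or `Conflict:` line as in backport-CVE-2022-27337.patch, the `From:` line carries a handle instead of an e-mail address, and the file name lacks the `backport-` prefix used for the other fix. Add the upstream commit URL and conflict status to the header so the `checkedAdd(numSyms, segSize, &numSyms)` guard can be compared against upstream, and state there whether this single accumulation in JBIG2Stream.cc is the full extent of the upstream fix.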
_service:tar_scm:backport-CVE-2022-27337.patch
Added
@@ -0,0 +1,68 @@ +From 81044c64b9ed9a10ae82a28bac753060bdfdac74 Mon Sep 17 00:00:00 2001 +From: Albert Astals Cid <aacid@kde.org> +Date: Tue, 15 Mar 2022 15:14:32 +0100 +Subject: PATCH Hints::readTables: bail out if we run out of file when + reading + +Fixes #1230 + +Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74 +Conflict:NA + +--- + poppler/Hints.cc | 24 +++++++++++++++++------- + 1 file changed, 17 insertions(+), 7 deletions(-) + +diff --git a/poppler/Hints.cc b/poppler/Hints.cc +index 79f040888..4707e1c69 100644 +--- a/poppler/Hints.cc ++++ b/poppler/Hints.cc +@@ -5,7 +5,7 @@ + // This file is licensed under the GPLv2 or later + // + // Copyright 2010, 2012, 2013 Hib Eris <hib@hiberis.nl> +-// Copyright 2010, 2011, 2013, 2014, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org> ++// Copyright 2010, 2011, 2013, 2014, 2016-2019, 2021, 2022 Albert Astals Cid <aacid@kde.org> + // Copyright 2010, 2013 Pino Toscano <pino@kde.org> + // Copyright 2013 Adrian Johnson <ajohnson@redneon.com> + // Copyright 2014 Fabio D'Urso <fabiodurso@hotmail.it> +@@ -189,21 +189,31 @@ void Hints::readTables(BaseStream *str, Linearization *linearization, XRef *xref + char *p = &buf0; + + if (hintsOffset && hintsLength) { +- Stream *s = str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull)); ++ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull))); + s->reset(); + for (unsigned int i = 0; i < hintsLength; i++) { +- *p++ = s->getChar(); ++ const int c = s->getChar(); ++ if (unlikely(c == EOF)) { ++ error(errSyntaxWarning, -1, "Found EOF while reading hints"); ++ ok = false; ++ return; ++ } ++ *p++ = c; + } +- delete s; + } + + if (hintsOffset2 && hintsLength2) { +- Stream *s = str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull)); ++ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull))); + s->reset(); + for (unsigned 
int i = 0; i < hintsLength2; i++) { +- *p++ = s->getChar(); ++ const int c = s->getChar(); ++ if (unlikely(c == EOF)) { ++ error(errSyntaxWarning, -1, "Found EOF while reading hints2"); ++ ok = false; ++ return; ++ } ++ *p++ = c; + } +- delete s; + } + + MemStream *memStream = new MemStream(&buf0, 0, bufLength, Object(objNull)); +-- +GitLab
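Review bot: in the `Hints::readTables` hunk both new EOF branches signal failure only through `ok = false; return;`, and `ok` is not declared anywhere in the visible lines. Since this backports a March 2022 commit onto 22.01.0, confirm that the `ok` member exists on that base and that callers test it before using the hint tables; `Conflict:NA` alone does not show that. The switch to `std::unique_ptr<Stream>` is what keeps the sub-stream from leaking on these early returns, so it must stay together with the EOF checks if the patch is ever rebased.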
_service
Changed
@@ -2,7 +2,7 @@ <service name="tar_scm"> <param name="scm">git</param> <param name="url">git@gitee.com:src-openeuler/poppler.git</param> - <param name="revision">ddbc26dd07c4e5a5d9d16f029a211d4483ef0a52</param> + <param name="revision">master</param> <param name="exclude">*</param> <param name="extract">*</param> </service>
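Review bot: the `revision` parameter goes from a pinned commit (`ddbc26dd07c4e5a5d9d16f029a211d4483ef0a52`) to the floating branch `master`, so the sources fetched by `tar_scm` can change on any later push without a new revision being recorded here. For a package carrying CVE fixes, keep `revision` pinned to the commit that contains both patches and bump it explicitly, so the build stays reproducible and the reviewed sources are the ones that get built.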