Sync from SUSE:SLFO:Main poppler revision 460a813af1bd7d8b0bd48aabaddadc7b

2024-12-27 15:56:59 +01:00 · 2024-12-27 15:56:59 +01:00 · efb01405c3
commit efb01405c3
parent 35ad5c0555
3 changed files with 71 additions and 0 deletions
--- a/poppler-CVE-2024-56378.patch
+++ b/poppler-CVE-2024-56378.patch
@ -0,0 +1,60 @@
+Index: poppler-24.12.0/poppler/JBIG2Stream.cc
+===================================================================
+--- poppler-24.12.0.orig/poppler/JBIG2Stream.cc
+++ poppler-24.12.0/poppler/JBIG2Stream.cc
+@@ -766,7 +766,7 @@ void JBIG2Bitmap::duplicateRow(int yDest
+ 
+ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp)
+ {
+-    int x0, x1, y0, y1, xx, yy;
+    int x0, x1, y0, y1, xx, yy, yyy;
+     unsigned char *srcPtr, *destPtr;
+     unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
+     bool oneByte;
+@@ -813,14 +813,17 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
+     oneByte = x0 == ((x1 - 1) & ~7);
+ 
+     for (yy = y0; yy < y1; ++yy) {
+-        if (unlikely((y + yy >= h) || (y + yy < 0))) {
+        if (unlikely(checkedAdd(y, yy, &yyy))) {
+            continue;
+        }
+        if (unlikely((yyy >= h) || (yyy < 0))) {
+             continue;
+         }
+ 
+         // one byte per line -- need to mask both left and right side
+         if (oneByte) {
+             if (x >= 0) {
+-                destPtr = data + (y + yy) * line + (x >> 3);
+                destPtr = data + yyy * line + (x >> 3);
+                 srcPtr = bitmap->data + yy * bitmap->line;
+                 dest = *destPtr;
+                 src1 = *srcPtr;
+@@ -843,7 +846,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
+                 }
+                 *destPtr = dest;
+             } else {
+-                destPtr = data + (y + yy) * line;
+                destPtr = data + yyy * line;
+                 srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
+                 dest = *destPtr;
+                 src1 = *srcPtr;
+@@ -873,7 +876,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
+ 
+             // left-most byte
+             if (x >= 0) {
+-                destPtr = data + (y + yy) * line + (x >> 3);
+                destPtr = data + yyy * line + (x >> 3);
+                 srcPtr = bitmap->data + yy * bitmap->line;
+                 src1 = *srcPtr++;
+                 dest = *destPtr;
+@@ -897,7 +900,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *b
+                 *destPtr++ = dest;
+                 xx = x0 + 8;
+             } else {
+-                destPtr = data + (y + yy) * line;
+                destPtr = data + yyy * line;
+                 srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
+                 src1 = *srcPtr++;
+                 xx = x0;
--- a/poppler.changes
+++ b/poppler.changes
@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon Dec 23 10:23:51 UTC 2024 - pgajdos@suse.com
+
+- security update
+- added patches
+  fix CVE-2024-56378 [bsc#1234795], out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc
+  + poppler-CVE-2024-56378.patch
+
 -------------------------------------------------------------------
 Thu Jul  4 07:39:57 UTC 2024 - pgajdos@suse.com

--- a/poppler.spec
+++ b/poppler.spec
@ -46,6 +46,8 @@ Patch0:         reduce-boost-required-version.patch
 Patch1:         reduce-libtiff-required-version.patch
 # CVE-2024-6239 [bsc#1226916], crash when using pdfinfo with -dests parameter on malformed input files
 Patch2:         poppler-CVE-2024-6239.patch
+# CVE-2024-56378 [bsc#1234795], out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc
+Patch3:         poppler-CVE-2024-56378.patch
 BuildRequires:  cmake >= 3.10
 BuildRequires:  gtk-doc
 BuildRequires:  libboost_headers-devel >= 1.66
@ -220,6 +222,7 @@ developed by Derek Noonburg of Glyph and Cog, LLC.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1

 %build
 %if "%{flavor}" == "qt5"