Petr Gajdos
cd84a81a7d
- added patches fix CVE-2021-32490 [bsc#1185895], Out of bounds write in function DJVU:filter_bv() via crafted djvu file + djvulibre-CVE-2021-32490.patch fix CVE-2021-32491 [bsc#1185900], Integer overflow in function render() in tools/ddjvu via crafted djvu file + djvulibre-CVE-2021-32491.patch fix CVE-2021-32492 [bsc#1185904], Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file + djvulibre-CVE-2021-32492.patch fix CVE-2021-32493 [bsc#1185905], Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file + djvulibre-CVE-2021-32493.patch OBS-URL: https://build.opensuse.org/package/show/graphics/djvulibre?expand=0&rev=38
13 lines
444 B
Diff
13 lines
444 B
Diff
--- a/libdjvu/DataPool.cpp
|
|
+++ a/libdjvu/DataPool.cpp
|
|
@@ -791,6 +791,8 @@ DataPool::create(const GP<DataPool> & pool, int start, int length)
|
|
DEBUG_MSG("DataPool::DataPool: pool=" << (void *)((DataPool *)pool) << " start=" << start << " length= " << length << "\n");
|
|
DEBUG_MAKE_INDENT(3);
|
|
|
|
+ if (!pool) G_THROW( ERR_MSG("DataPool.zero_DataPool") );
|
|
+
|
|
DataPool *xpool=new DataPool();
|
|
GP<DataPool> retval=xpool;
|
|
xpool->init();
|
|
|