pool/mupdf
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Add CVE-2017-5896.patch to fix a heap overflow

Browse Source 
CVE-2017-5896 bsc#1023761 bsc#1024679

OBS-URL: https://build.opensuse.org/package/show/Publishing/mupdf?expand=0&rev=49
This commit is contained in:
Ismail Dönmez 2017-02-10 11:01:58 +00:00 committed by Git OBS Bridge
parent 42cfc2defc
commit 6c7559ad02
3 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2017-5896.patch Normal file
View File

@ -0,0 +1,40 @@
X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=source%2Ffitz%2Fpixmap.c;h=f1291dc29d49ead44c10785fd014a0d995e45a91;hp=a8317127da7af6d39eb86fe3ca02cb4106a9b262;hb=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27;hpb=90fa6203ad032fe161d85a3e580941ce3d1216f0
diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c
index a831712..f1291dc 100644
--- a/source/fitz/pixmap.c
+++ b/source/fitz/pixmap.c
@@ -1104,6 +1104,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
"@STACK:r1,<9>,factor,n,fwd,back,back2,fwd2,divX,back4,fwd4,fwd3,divY,back5,divXY\n"
"ldr r4, [r13,#4*22] @ r4 = divXY \n"
"ldr r5, [r13,#4*11] @ for (nn = n; nn > 0; n--) { \n"
+ "ldr r8, [r13,#4*17] @ r8 = back4 \n"
"18: @ \n"
"mov r14,#0 @ r14= v = 0 \n"
"sub r5, r5, r1, LSL #8 @ for (xx = x; xx > 0; x--) { \n"
@@ -1120,7 +1121,7 @@ fz_subsample_pixmap_ARM(unsigned char *ptr, int w, int h, int f, int factor,
"mul r14,r4, r14 @ r14= v *= divX \n"
"mov r14,r14,LSR #16 @ r14= v >>= 16 \n"
"strb r14,[r9], #1 @ *d++ = r14 \n"
- "sub r0, r0, r8 @ s -= back2 \n"
+ "sub r0, r0, r8 @ s -= back4 \n"
"subs r5, r5, #1 @ n-- \n"
"bgt 18b @ } \n"
"21: @ \n"
@@ -1249,6 +1250,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
x += f;
if (x > 0)
{
+ int back4 = x * n - 1;
div = x * y;
for (nn = n; nn > 0; nn--)
{
@@ -1263,7 +1265,7 @@ fz_subsample_pixmap(fz_context *ctx, fz_pixmap *tile, int factor)
s -= back5;
}
*d++ = v / div;
- s -= back2;
+ s -= back4;
}
}
}

6
mupdf.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Feb 10 10:56:31 UTC 2017 - idonmez@suse.com
- Add CVE-2017-5896.patch to fix a heap overflow
CVE-2017-5896 bsc#1023761 bsc#1024679
-------------------------------------------------------------------
Mon Feb 6 12:51:00 UTC 2017 - idonmez@suse.com

2
mupdf.spec
View File

@ -33,6 +33,7 @@ Patch3: CVE-2016-10133.patch
Patch4: CVE-2016-10141.patch
Patch5: CVE-2017-5627.patch
Patch6: CVE-2017-5628.patch
Patch7: CVE-2017-5896.patch
BuildRequires: freetype-devel
BuildRequires: gcc-c++
BuildRequires: jbig2dec-devel
@ -69,6 +70,7 @@ based on mupdf.
%prep
%setup -q -n %{name}-%{version}-source
%patch1 -p1
%patch7 -p1
pushd ./thirdparty/mujs
%patch2 -p1