pool/mupdf
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 572213 from home:kbabioch:branches:Publishing

Browse Source 
- CVE-2018-6192.patch: Use official fix from usptream (CVE-2018-6192
  boo#1077755)

OBS-URL: https://build.opensuse.org/request/show/572213
OBS-URL: https://build.opensuse.org/package/show/Publishing/mupdf?expand=0&rev=69
This commit is contained in:
Tomáš Chvátal 2018-02-03 12:13:35 +00:00 committed by Git OBS Bridge
parent 0f2117f19d
commit a32e43e4ea
2 changed files with 36 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
CVE-2018-6192.patch
View File

@ -1,91 +1,38 @@
Index: mupdf-1.12.0-source/source/pdf/pdf-lex.c
===================================================================
--- mupdf-1.12.0-source.orig/source/pdf/pdf-lex.c
+++ mupdf-1.12.0-source/source/pdf/pdf-lex.c
@@ -151,12 +151,21 @@ lex_number(fz_context *ctx, fz_stream *f
char *e = buf->scratch + buf->size - 1; /* leave space for zero terminator */
char *isreal = (c == '.' ? s : NULL);
int neg = (c == '-');
+ int isbad = 0;
*s++ = c;
+ c = fz_read_byte(ctx, f);
+
+ /* skip extra '-' signs at start of number */
+ if (neg)
+ {
+ while (c == '-')
+ c = fz_read_byte(ctx, f);
+ }
+
while (s < e)
{
- c = fz_read_byte(ctx, f);
switch (c)
{
case IS_WHITE:
@@ -165,21 +174,27 @@ lex_number(fz_context *ctx, fz_stream *f
goto end;
case EOF:
goto end;
- case '-':
- neg++;
- *s++ = c;
- break;
case '.':
+ if (isreal)
+ isbad = 1;
isreal = s;
- /* Fall through */
+ *s++ = c;
+ break;
+ case RANGE_0_9:
+ *s++ = c;
+ break;
default:
+ isbad = 1;
*s++ = c;
break;
}
+ c = fz_read_byte(ctx, f);
}
end:
*s = '\0';
+ if (isbad)
+ return PDF_TOK_ERROR;
if (isreal)
{
/* We'd like to use the fastest possible atof
From 5e411a99604ff6be5db9e273ee84737204113299 Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen <sebras@gmail.com>
Date: Tue, 30 Jan 2018 02:05:57 +0100
Subject: [PATCH] Bug 698916: Indirect object numbers must be in range.
---
source/pdf/pdf-parse.c | 2 ++
source/pdf/pdf-xref.c | 4 ++--
2 files changed, 4 insertions(+), 2 deletions(-)
Index: mupdf-1.12.0-source/source/pdf/pdf-parse.c
===================================================================
--- mupdf-1.12.0-source.orig/source/pdf/pdf-parse.c
+++ mupdf-1.12.0-source/source/pdf/pdf-parse.c
@@ -457,7 +457,8 @@ pdf_parse_array(fz_context *ctx, pdf_doc
break;
@@ -616,6 +616,8 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_d
fz_throw(ctx, FZ_ERROR_SYNTAX, "expected object number");
}
num = buf->i;
+ if (num < 0 || num > PDF_MAX_OBJECT_NUMBER)
+ fz_throw(ctx, FZ_ERROR_SYNTAX, "object number out of range");
default:
- fz_throw(ctx, FZ_ERROR_SYNTAX, "cannot parse token in array");
+ pdf_array_push_drop(ctx, ary, pdf_new_null(ctx, doc));
+ break;
}
}
end:
@@ -547,10 +548,13 @@ pdf_parse_dict(fz_context *ctx, pdf_docu
break;
}
}
- fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid indirect reference in dict");
+ fz_warn(ctx, "invalid indirect reference in dict");
+ val = pdf_new_null(ctx, doc);
+ break;
tok = pdf_lex(ctx, file, buf);
if (tok != PDF_TOK_INT)
Index: mupdf-1.12.0-source/source/pdf/pdf-xref.c
===================================================================
--- mupdf-1.12.0-source.orig/source/pdf/pdf-xref.c
+++ mupdf-1.12.0-source/source/pdf/pdf-xref.c
@@ -234,8 +234,8 @@ pdf_xref_entry *pdf_get_populating_xref_
}
default:
- fz_throw(ctx, FZ_ERROR_SYNTAX, "unknown token in dict");
+ val = pdf_new_null(ctx, doc);
+ break;
}
/* Prevent accidental heap underflow */
- if (num < 0)
- fz_throw(ctx, FZ_ERROR_GENERIC, "object number must not be negative (%d)", num);
+ if (num < 0 || num > PDF_MAX_OBJECT_NUMBER)
+ fz_throw(ctx, FZ_ERROR_GENERIC, "object number out of range (%d)", num);
pdf_dict_put(ctx, dict, key, val);
/* Return the pointer to the entry in the last section. */
xref = &doc->xref_sections[doc->num_xref_sections-1];

6
mupdf.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Feb 2 20:48:34 UTC 2018 - kbabioch@suse.com
- CVE-2018-6192.patch: Use official fix from usptream (CVE-2018-6192
boo#1077755)
-------------------------------------------------------------------
Fri Feb 2 14:58:40 UTC 2018 - kbabioch@suse.com