mupdf/CVE-2017-7976.patch


Index: mupdf-1.10a-source/thirdparty/jbig2dec/jbig2_image.c
===================================================================
--- mupdf-1.10a-source.orig/thirdparty/jbig2dec/jbig2_image.c
+++ mupdf-1.10a-source/thirdparty/jbig2dec/jbig2_image.c
@@ -263,7 +263,8 @@ jbig2_image_compose(Jbig2Ctx *ctx, Jbig2
/* general OR case */
s = ss;
d = dd = dst->data + y * dst->stride + leftbyte;
- if (d < dst->data || leftbyte > dst->stride || h * dst->stride < 0 || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride) {
+ if (d < dst->data || leftbyte > dst->stride || d - leftbyte + h * dst->stride > dst->data + dst->height * dst->stride ||
+ s - leftbyte + (h - 1) * src->stride + rightbyte > src->data + src->height * src->stride) {
return jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "preventing heap overflow in jbig2_image_compose");
}
if (leftbyte == rightbyte) {
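Review bot: The guard in the general OR case still validates by pointer arithmetic: `d` is formed from `y * dst->stride + leftbyte` before any test, and the condition then evaluates `h * dst->stride` and `(h - 1) * src->stride` and compares the resulting pointers. If those operands are int-sized (their declarations are outside this hunk), a wrapped product or a pointer outside the object is undefined behaviour, so the compiler may fold the comparison away. Dropping the old `h * dst->stride < 0` test is reasonable, since it only detected overflow after the fact, but nothing replaces it. The new source-side clause also has only an upper bound. I would check rows and byte columns as integers before forming `d`, along the lines of `if (y < 0 || h < 0 || h > dst->height - y || h > src->height || rightbyte >= src->stride) return jbig2_error(...);`, with the exact terms confirmed against the clipping code earlier in jbig2_image_compose, which starts and ends outside this hunk.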