rpm/mupdf
SHA256
1
0
Fork 0
forked from pool/mupdf
Code Pull Requests Activity

- Add CVE-2018-5686.patch to fix an infinite loop

Browse Source 
CVE-2018-5686 bsc#1075936

OBS-URL: https://build.opensuse.org/package/show/Publishing/mupdf?expand=0&rev=63
This commit is contained in:
Ismail Dönmez 2018-01-22 12:24:25 +00:00 committed by Git OBS Bridge
parent 539bd8944b
commit c2a31ad6be
3 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
CVE-2018-5686.patch Normal file
View File

@ -0,0 +1,42 @@
X-Git-Url: http://git.ghostscript.com/?p=mupdf.git;a=blobdiff_plain;f=include%2Fmupdf%2Ffitz%2Fstream.h;h=790a0a83d3850facdceefb3c3e598fdb63d4e14d;hp=cd26be9039c064c8028fd6ca958044d133644e29;hb=b70eb93f6936c03d8af52040bbca4d4a7db39079;hpb=0d7359fbcd331ec0a22ec163dacff953f9817814
Index: mupdf-1.12.0-source/include/mupdf/fitz/stream.h
===================================================================
--- mupdf-1.12.0-source.orig/include/mupdf/fitz/stream.h
+++ mupdf-1.12.0-source/include/mupdf/fitz/stream.h
@@ -335,10 +335,11 @@ static inline size_t fz_available(fz_con
if (len)
return len;
+ if (stm->eof)
+ return 0;
+
fz_try(ctx)
- {
c = stm->next(ctx, stm, max);
- }
fz_catch(ctx)
{
fz_rethrow_if(ctx, FZ_ERROR_TRYLATER);
@@ -369,10 +370,10 @@ static inline int fz_read_byte(fz_contex
if (stm->rp != stm->wp)
return *stm->rp++;
+ if (stm->eof)
+ return EOF;
fz_try(ctx)
- {
c = stm->next(ctx, stm, 1);
- }
fz_catch(ctx)
{
fz_rethrow_if(ctx, FZ_ERROR_TRYLATER);
@@ -398,6 +399,8 @@ static inline int fz_peek_byte(fz_contex
if (stm->rp != stm->wp)
return *stm->rp;
+ if (stm->eof)
+ return EOF;
c = stm->next(ctx, stm, 1);
if (c != EOF)

6
mupdf.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Jan 22 12:20:48 UTC 2018 - idonmez@suse.com
- Add CVE-2018-5686.patch to fix an infinite loop
CVE-2018-5686 bsc#1075936
-------------------------------------------------------------------
Sun Jan 14 03:11:32 UTC 2018 - avindra@opensuse.org

2
mupdf.spec
View File

@ -28,6 +28,7 @@ Source0: https://mupdf.com/downloads/mupdf-%{version}-source.tar.xz#/%{na
Source1: mupdf.desktop
Source2: mupdf.png
Patch1: fix-openjpeg-flags.patch
Patch2: CVE-2018-5686.patch
BuildRequires: freetype-devel
BuildRequires: gcc-c++
BuildRequires: jbig2dec-devel
@ -64,6 +65,7 @@ based on mupdf.
%prep
%setup -q -n %{name}-%{version}-source
%patch1 -p1
%patch2 -p1
# do not use the inlined copies of build dpendencies except for mujs
rm -rf $(ls -d thirdparty/*/ | grep -v mujs)