diff options
author | Leo Famulari <leo@famulari.name> | 2017-11-11 22:29:44 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-11-11 22:34:24 -0500 |
commit | 882d921344a4881fcf9d2d2c8f290fe8766fef80 (patch) | |
tree | 8af83c432f726cf192994411e37b07853f3ece89 /gnu/packages/patches | |
parent | 07cc9245e6def0060fd1b328c09f2637b4381530 (diff) | |
download | guix-882d921344a4881fcf9d2d2c8f290fe8766fef80.tar guix-882d921344a4881fcf9d2d2c8f290fe8766fef80.tar.gz |
gnu: mupdf: Actually fix CVE-2017-15587.
The original fix could be removed by an optimizing compiler.
* gnu/packages/patches/mupdf-CVE-2017-15587.patch: Revise patch.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/mupdf-CVE-2017-15587.patch | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/gnu/packages/patches/mupdf-CVE-2017-15587.patch b/gnu/packages/patches/mupdf-CVE-2017-15587.patch index 5da7737ea1..7d24666756 100644 --- a/gnu/packages/patches/mupdf-CVE-2017-15587.patch +++ b/gnu/packages/patches/mupdf-CVE-2017-15587.patch @@ -3,11 +3,12 @@ Fix CVE-2017-15587. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15587 https://nandynarwhals.org/CVE-2017-15587/ -Copied from upstream: +This patch is these two upstream commits squashed together: <https://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8> +<https://git.ghostscript.com/?p=mupdf.git;h=d18bc728e46c5a5708f14d27c2b6c44e1d0c3232> diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 66bd0ed..6292793 100644 +index 66bd0ed8..89499e61 100644 --- a/source/pdf/pdf-xref.c +++ b/source/pdf/pdf-xref.c @@ -924,7 +924,7 @@ pdf_read_new_xref_section(fz_context *ctx, pdf_document *doc, fz_stream *stm, fz @@ -15,7 +16,10 @@ index 66bd0ed..6292793 100644 int i, n; - if (i0 < 0 || i1 < 0) -+ if (i0 < 0 || i1 < 0 || (i0+i1) < 0) ++ if (i0 < 0 || i1 < 0 || i0 > INT_MAX - i1) fz_throw(ctx, FZ_ERROR_GENERIC, "negative xref stream entry index"); //if (i0 + i1 > pdf_xref_len(ctx, doc)) // fz_throw(ctx, FZ_ERROR_GENERIC, "xref stream has too many entries"); +-- +2.15.0 + |