Diffstat (limited to 'gnu/packages/patches/poppler-CVE-2015-8868.patch')
-rw-r--r-- | gnu/packages/patches/poppler-CVE-2015-8868.patch | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/gnu/packages/patches/poppler-CVE-2015-8868.patch b/gnu/packages/patches/poppler-CVE-2015-8868.patch
deleted file mode 100644
index ac78d32ffa..0000000000
--- a/gnu/packages/patches/poppler-CVE-2015-8868.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Fixes CVE-2015-8868 (heap overflow).
-
-Upstream source:
-https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
-
-From b3425dd3261679958cd56c0f71995c15d2124433 Mon Sep 17 00:00:00 2001
-From: Albert Astals Cid <aacid@kde.org>
-Date: Tue, 22 Dec 2015 22:50:33 +0100
-Subject: Do not crash on invalid files
-
-Bug #93476
-
-diff --git a/poppler/Function.cc b/poppler/Function.cc
-index 67283df..ee5afc1 100644
---- a/poppler/Function.cc
-+++ b/poppler/Function.cc
-@@ -577,6 +577,10 @@ ExponentialFunction::ExponentialFunction(Object *funcObj, Dict *dict) {
- goto err2;
- }
- n = obj1.arrayGetLength();
-+ if (unlikely(n > funcMaxOutputs)) {
-+ error(errSyntaxError, -1, "Function's C0 array is wrong length");
-+ n = funcMaxOutputs;
-+ }
- for (i = 0; i < n; ++i) {
- obj1.arrayGet(i, &obj2);
- if (!obj2.isNum()) {
---
-cgit v0.10.2
-
|