diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/poppler-CVE-2018-19149.patch | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/gnu/packages/patches/poppler-CVE-2018-19149.patch b/gnu/packages/patches/poppler-CVE-2018-19149.patch new file mode 100644 index 0000000000..3641f5f078 --- /dev/null +++ b/gnu/packages/patches/poppler-CVE-2018-19149.patch @@ -0,0 +1,80 @@ +Fix CVE-2018-19149: + +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149 +https://gitlab.freedesktop.org/poppler/poppler/issues/664 + +Patch copied from upstream source repository: + +https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 + +From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001 +From: Marek Kasik <mkasik@redhat.com> +Date: Fri, 20 Apr 2018 11:38:13 +0200 +Subject: [PATCH] Fix crash on missing embedded file + +Check whether an embedded file is actually present in the PDF +and show warning in that case. + +https://bugs.freedesktop.org/show_bug.cgi?id=106137 +https://gitlab.freedesktop.org/poppler/poppler/issues/236 +--- + glib/poppler-attachment.cc | 26 +++++++++++++++++--------- + glib/poppler-document.cc | 3 ++- + 2 files changed, 19 insertions(+), 10 deletions(-) + +diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc +index c6502e9d..11ba5bb5 100644 +--- a/glib/poppler-attachment.cc ++++ b/glib/poppler-attachment.cc +@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file) + attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ()); + + embFile = emb_file->getEmbeddedFile(); +- attachment->size = embFile->size (); ++ if (embFile != NULL && embFile->streamObject()->isStream()) ++ { ++ attachment->size = embFile->size (); + +- if (embFile->createDate ()) +- _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime); +- if (embFile->modDate ()) +- _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime); ++ if (embFile->createDate ()) ++ _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime); ++ if (embFile->modDate ()) ++ _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime); + +- if (embFile->checksum () && embFile->checksum ()->getLength () > 0) +- attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (), +- embFile->checksum ()->getLength ()); +- priv->obj_stream = embFile->streamObject()->copy(); ++ if (embFile->checksum () && embFile->checksum ()->getLength () > 0) ++ attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (), ++ embFile->checksum ()->getLength ()); ++ priv->obj_stream = embFile->streamObject()->copy(); ++ } ++ else ++ { ++ g_warning ("Missing stream object for embedded file"); ++ g_clear_object (&attachment); ++ } + + return attachment; + } +diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc +index 83f6aea6..ea319344 100644 +--- a/glib/poppler-document.cc ++++ b/glib/poppler-document.cc +@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document) + attachment = _poppler_attachment_new (emb_file); + delete emb_file; + +- retval = g_list_prepend (retval, attachment); ++ if (attachment != NULL) ++ retval = g_list_prepend (retval, attachment); + } + return g_list_reverse (retval); + } +-- +2.19.1 + |