From ef019092b98e1337acac51525e8e4e092267f69c Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sun, 9 Jul 2017 18:01:02 -0400 Subject: gnu: poppler: Fix null pointer dereferences. * gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/pdf.scm (poppler/fixed)[source]: Add the patch. --- gnu/local.mk | 1 + .../poppler-fix-crash-with-broken-documents.patch | 61 ++++++++++++++++++++++ gnu/packages/pdf.scm | 3 +- 3 files changed, 64 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 32b62196e7..d792ff701a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -915,6 +915,7 @@ dist_patch_DATA = \
 %D%/packages/patches/polkit-drop-test.patch \
 %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \
 %D%/packages/patches/poppler-CVE-2017-9776.patch \
+ %D%/packages/patches/poppler-fix-crash-with-broken-documents.patch \
 %D%/packages/patches/portaudio-audacity-compat.patch \
 %D%/packages/patches/portmidi-modular-build.patch \
 %D%/packages/patches/procmail-ambiguous-getline-debian.patch \
diff --git a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
new file mode 100644
index 0000000000..353a16e322
--- /dev/null
+++ b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
@@ -0,0 +1,61 @@
+Copied from:
+
+ https://cgit.freedesktop.org/poppler/poppler/patch/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
+
+From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid
+Date: Sat, 27 May 2017 00:09:17 +0200
+Subject: pdfunite: Fix crash with broken documents
+
+Sometimes we can't parse pages so check before accessing them
+
+Thanks to Jiaqi Peng for the report
+
+Fixes bugs #101153 and #101149
+
+diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
+index dfe48bf..c32e201 100644
+--- a/utils/pdfunite.cc
++++ b/utils/pdfunite.cc
+@@ -7,7 +7,7 @@
+ // Copyright (C) 2011-2015, 2017 Thomas Freitag
+ // Copyright (C) 2012 Arseny Solokha
+ // Copyright (C) 2012 Fabio D'Urso
+-// Copyright (C) 2012, 2014 Albert Astals Cid
++// Copyright (C) 2012, 2014, 2017 Albert Astals Cid
+ // Copyright (C) 2013 Adrian Johnson
+ // Copyright (C) 2013 Hib Eris
+ // Copyright (C) 2015 Arthur Stavisky
+@@ -268,15 +268,15 @@ int main (int argc, char *argv[])
+ catDict->lookup("OutputIntents", &intents);
+ catDict->lookupNF("AcroForm", &afObj);
+ Ref *refPage = docs[0]->getCatalog()->getPageRef(1);
+- if (!afObj.isNull()) {
++ if (!afObj.isNull() && refPage) {
+ docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, refPage->num);
+ }
+ catDict->lookupNF("OCProperties", &ocObj);
+- if (!ocObj.isNull() && ocObj.isDict()) {
++ if (!ocObj.isNull() && ocObj.isDict() && refPage) {
+ docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
+ }
+ catDict->lookup("Names", &names);
+- if (!names.isNull() && names.isDict()) {
++ if (!names.isNull() && names.isDict() && refPage) {
+ docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, refPage->num, refPage->num);
+ }
+ if (intents.isArray() && intents.arrayGetLength() > 0) {
+@@ -353,6 +353,10 @@ int main (int argc, char *argv[])
+
+ for (i = 0; i < (int) docs.size(); i++) {
+ for (j = 1; j <= docs[i]->getNumPages(); j++) {
++ if 
(!docs[i]->getCatalog()->getPage(j)) { ++ continue; ++ } ++ + PDFRectangle *cropBox = NULL; + if (docs[i]->getCatalog()->getPage(j)->isCropped()) + cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox(); +-- +cgit v0.10.2 + diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm index ffd7634eab..7b76955e23 100644 --- a/gnu/packages/pdf.scm +++ b/gnu/packages/pdf.scm @@ -135,7 +135,8 @@ (define poppler/fixed (source (origin (inherit (package-source poppler)) - (patches (search-patches "poppler-CVE-2017-9776.patch")))))) + (patches (search-patches "poppler-fix-crash-with-broken-documents.patch" + "poppler-CVE-2017-9776.patch")))))) (define-public poppler-qt4 (package/inherit poppler -- cgit v1.2.3
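Review bot: The added `if (!docs[i]->getCatalog()->getPage(j)) { continue; }` in the page loop of utils/pdfunite.cc skips an unparsable page silently, so merging a damaged or hostile input yields a shorter document with no diagnostic. I would report the skip before continuing, for example `error(errSyntaxError, -1, "Skipping unparsable page {0:d}", j);` (wording illustrative), so the operator can tell the output is incomplete. The same loop body then calls `getPage(j)` three more times; holding the result in a local such as `Page *page = docs[i]->getCatalog()->getPage(j);` keeps the null check and the later uses on one value. In the earlier hunk the new `refPage` guards skip the marking of AcroForm, OCProperties and Names; whether those objects are still written out later in main lies outside the hunk and is worth confirming.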