guix-commits
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: poppler: Fix null pointer dereferences.

From: Mark H. Weaver
Subject: 01/01: gnu: poppler: Fix null pointer dereferences.
Date: Mon, 10 Jul 2017 13:01:40 -0400 (EDT) 
mhw pushed a commit to branch master
in repository guix.

commit ef019092b98e1337acac51525e8e4e092267f69c
Author: Mark H Weaver <address@hidden>
Date:   Sun Jul 9 18:01:02 2017 -0400

    gnu: poppler: Fix null pointer dereferences.
    
    * gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch: New
    file.
    * gnu/local.mk (dist_patch_DATA): Add it.
    * gnu/packages/pdf.scm (poppler/fixed)[source]: Add the patch.
---
 gnu/local.mk                                       |  1 +
 .../poppler-fix-crash-with-broken-documents.patch  | 61 ++++++++++++++++++++++
 gnu/packages/pdf.scm                               |  3 +-
 3 files changed, 64 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index 32b6219..d792ff7 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -915,6 +915,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/polkit-drop-test.patch                  \
   %D%/packages/patches/policycoreutils-make-sepolicy-use-python3.patch \
   %D%/packages/patches/poppler-CVE-2017-9776.patch             \
+  %D%/packages/patches/poppler-fix-crash-with-broken-documents.patch   \
   %D%/packages/patches/portaudio-audacity-compat.patch         \
   %D%/packages/patches/portmidi-modular-build.patch            \
   %D%/packages/patches/procmail-ambiguous-getline-debian.patch  \
diff --git a/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch 
b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
new file mode 100644
index 0000000..353a16e
--- /dev/null
+++ b/gnu/packages/patches/poppler-fix-crash-with-broken-documents.patch
@@ -0,0 +1,61 @@
+Copied from:
+
+  
https://cgit.freedesktop.org/poppler/poppler/patch/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
+
+From 5c9b08a875b07853be6c44e43ff5f7f059df666a Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <address@hidden>
+Date: Sat, 27 May 2017 00:09:17 +0200
+Subject: pdfunite: Fix crash with broken documents
+
+Sometimes we can't parse pages so check before accessing them
+
+Thanks to Jiaqi Peng for the report
+
+Fixes bugs #101153 and #101149
+
+diff --git a/utils/pdfunite.cc b/utils/pdfunite.cc
+index dfe48bf..c32e201 100644
+--- a/utils/pdfunite.cc
++++ b/utils/pdfunite.cc
+@@ -7,7 +7,7 @@
+ // Copyright (C) 2011-2015, 2017 Thomas Freitag <address@hidden>
+ // Copyright (C) 2012 Arseny Solokha <address@hidden>
+ // Copyright (C) 2012 Fabio D'Urso <address@hidden>
+-// Copyright (C) 2012, 2014 Albert Astals Cid <address@hidden>
++// Copyright (C) 2012, 2014, 2017 Albert Astals Cid <address@hidden>
+ // Copyright (C) 2013 Adrian Johnson <address@hidden>
+ // Copyright (C) 2013 Hib Eris <address@hidden>
+ // Copyright (C) 2015 Arthur Stavisky <address@hidden>
+@@ -268,15 +268,15 @@ int main (int argc, char *argv[])
+     catDict->lookup("OutputIntents", &intents);
+     catDict->lookupNF("AcroForm", &afObj);
+     Ref *refPage = docs[0]->getCatalog()->getPageRef(1);
+-    if (!afObj.isNull()) {
++    if (!afObj.isNull() && refPage) {
+       docs[0]->markAcroForm(&afObj, yRef, countRef, 0, refPage->num, 
refPage->num);
+     }
+     catDict->lookupNF("OCProperties", &ocObj);
+-    if (!ocObj.isNull() && ocObj.isDict()) {
++    if (!ocObj.isNull() && ocObj.isDict() && refPage) {
+       docs[0]->markPageObjects(ocObj.getDict(), yRef, countRef, 0, 
refPage->num, refPage->num);
+     }
+     catDict->lookup("Names", &names);
+-    if (!names.isNull() && names.isDict()) {
++    if (!names.isNull() && names.isDict() && refPage) {
+       docs[0]->markPageObjects(names.getDict(), yRef, countRef, 0, 
refPage->num, refPage->num);
+     }
+     if (intents.isArray() && intents.arrayGetLength() > 0) {
+@@ -353,6 +353,10 @@ int main (int argc, char *argv[])
+ 
+   for (i = 0; i < (int) docs.size(); i++) {
+     for (j = 1; j <= docs[i]->getNumPages(); j++) {
++      if (!docs[i]->getCatalog()->getPage(j)) {
++        continue;
++      }
++
+       PDFRectangle *cropBox = NULL;
+       if (docs[i]->getCatalog()->getPage(j)->isCropped())
+         cropBox = docs[i]->getCatalog()->getPage(j)->getCropBox();
+-- 
+cgit v0.10.2
+
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index ffd7634..7b76955 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -135,7 +135,8 @@
   (source
     (origin
       (inherit (package-source poppler))
-      (patches (search-patches "poppler-CVE-2017-9776.patch"))))))
+      (patches (search-patches "poppler-fix-crash-with-broken-documents.patch"
+                               "poppler-CVE-2017-9776.patch"))))))
 
 (define-public poppler-qt4
   (package/inherit poppler
reply via email to
[Prev in Thread] Current Thread [Next in Thread]