Commit b5024f64 authored by Pino Toscano's avatar Pino Toscano

fix CVE-2010-0206

parent 50cf7f16
poppler (0.12.4-1.2+squeeze1) UNRELEASED; urgency=low
* Non-maintainer upload.
* Fix CVE-2010-0206.
-- Pino Toscano <pino@debian.org> Wed, 27 Jun 2012 18:36:18 +0200
......
From 30ea3ab8a1eecafb3366aef193910098fdb7ccc8 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 25 May 2010 23:07:56 +0100
Subject: [PATCH] Fix crash when parsing pdf in bug 28170
This code is a can of crashing worms :-7
---
poppler/JBIG2Stream.cc | 23 ++++++++++++++++-------
1 file changed, 16 insertions(+), 7 deletions(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 97994bd..f16ad58 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -742,13 +742,18 @@ JBIG2Bitmap *JBIG2Bitmap::getSlice(Guint x, Guint y, Guint wA, Guint hA) {
Guint xx, yy;
slice = new JBIG2Bitmap(0, wA, hA);
- slice->clearToZero();
- for (yy = 0; yy < hA; ++yy) {
- for (xx = 0; xx < wA; ++xx) {
- if (getPixel(x + xx, y + yy)) {
- slice->setPixel(xx, yy);
+ if (slice->isOk()) {
+ slice->clearToZero();
+ for (yy = 0; yy < hA; ++yy) {
+ for (xx = 0; xx < wA; ++xx) {
+ if (getPixel(x + xx, y + yy)) {
+ slice->setPixel(xx, yy);
+ }
}
}
+ } else {
+ delete slice;
+ slice = NULL;
}
return slice;
}
@@ -3224,8 +3229,12 @@ void JBIG2Stream::readGenericRefinementRegionSeg(Guint segNum, GBool imm,
// store the region bitmap
} else {
- bitmap->setSegNum(segNum);
- segments->append(bitmap);
+ if (bitmap) {
+ bitmap->setSegNum(segNum);
+ segments->append(bitmap);
+ } else {
+ error(curStr->getPos(), "readGenericRefinementRegionSeg with null bitmap");
+ }
}
// delete the referenced bitmap
--
1.7.10
01_revert_abi_change.patch
02_autohinting_abi_compatibility.patch
03_CVE-2009-3938.patch
04_security.patch
\ No newline at end of file
04_security.patch
05_CVE-2010-0206.patch
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment