Commit fbda5c5b authored by Josselin Mouette's avatar Josselin Mouette

* New upstream release.

* Bump Qt requirements.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3938 (Closes: #534680)

svn path=/trunk/poppler/; revision=265
parent 237f6b07
poppler (0.12.4-1) unstable; urgency=low
* New upstream release.
* Bump Qt requirements.
-- Josselin Mouette <joss@debian.org> Fri, 16 Apr 2010 19:22:34 +0200
poppler (0.12.2-2.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-3938 (Closes: #534680)
-- Giuseppe Iuculano <iuculano@debian.org> Tue, 22 Dec 2009 16:11:27 +0100
poppler (0.12.2-2) unstable; urgency=low
* Switch to quilt to manage patches.
......
......@@ -14,7 +14,7 @@ Build-Depends: cdbs (>= 0.4.52),
libgtk2.0-dev (>= 2.12),
libfontconfig1-dev,
libqt3-mt-dev (>= 3:3.3.4-4),
libqt4-dev (>= 4.3.0),
libqt4-dev (>= 4.4.0),
libglade2-dev,
libcairo2-dev (>= 1.8.4),
libopenjpeg-dev,
......
Fixed CVE-2009-3938
--- a/poppler/ABWOutputDev.cc
+++ b/poppler/ABWOutputDev.cc
@@ -20,6 +20,7 @@
#include <stdarg.h>
#include <stddef.h>
#include <ctype.h>
+#include <float.h>
#include <math.h>
#include "goo/GooString.h"
#include "goo/GooList.h"
@@ -36,6 +37,23 @@
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
+#define MAX(a, b) (((a) > (b)) ? (a) : (b))
+
+// 1: potential -
+// DBL_MAX_10_EXP: 10^x
+// 1: last digit before '.'
+// 1: '.'
+// 6: digits after '.'
+// 1: '\0' at the end
+#define BUFLEN_FOR_DOUBLE (1 + DBL_MAX_10_EXP + 1 + 1 + 6 + 1)
+
+// potential -, INT_MAX is 2147483647, and the trailing '\0'
+#define BUFLEN_FOR_INT (1 + 10 + 1)
+
+//I wouldn't know what size this should safely be. I guess 64 bytes should be
+//enough for any unicode character
+#define BUFLEN_FOR_UNICODE_CHAR 64
+
// Inter-character space width which will cause addChar to start a new
// word.
@@ -157,7 +175,7 @@ void ABWOutputDev::splitNodes(float spli
xmlNodePtr N_move, N_cur, N_newH, N_newL;
char * propName;
const char *nodeName;
- char buf[20];
+ char buf[BUFLEN_FOR_DOUBLE];
if (direction == HORIZONTAL) {
propName = "Y1";
nodeName = "horizontal";
@@ -261,7 +279,7 @@ float ABWOutputDev::getBiggestSeperator(
}
void ABWOutputDev::updateFont(GfxState *state) {
- char buf[160];
+ char buf[BUFLEN_FOR_INT];
xmlNodePtr N_cur;
GfxFont *font;
bool found = false;
@@ -341,9 +359,7 @@ void ABWOutputDev::drawChar(GfxState *st
double originX, double originY,
CharCode code, int nBytes, Unicode *u, int uLen)
{
- //I wouldn't know what size this should safely be. I guess 64 bytes should be
- //enough for any unicode character
- char buf[64];
+ char buf[BUFLEN_FOR_UNICODE_CHAR];
int charLen;
x = dx;
y = dy;
@@ -401,7 +417,7 @@ void ABWOutputDev::endString(GfxState *s
}
void ABWOutputDev::beginWord(GfxState *state, double x, double y){
- char buf[20];
+ char buf[MAX(BUFLEN_FOR_INT, BUFLEN_FOR_DOUBLE)];
// printf("***BREAK!***\n");
endWord();
X1 = x;
@@ -421,7 +437,7 @@ void ABWOutputDev::beginWord(GfxState *s
}
void ABWOutputDev::endWord(){
- char buf[20];
+ char buf[BUFLEN_FOR_DOUBLE];
if (N_word) {
sprintf(buf, "%f", X2); xmlNewProp(N_word, BAD_CAST "X2", BAD_CAST buf);
sprintf(buf, "%f", Y2); xmlNewProp(N_word, BAD_CAST "Y2", BAD_CAST buf);
@@ -618,7 +634,7 @@ void ABWOutputDev::cleanUpNode(xmlNodePt
double tX1=-1, tX2=-1, tY1=-1, tY2=-1;
xmlNodePtr N_cur, N_next;
N_cur = N_parent->children;
- char buf[20];
+ char buf[MAX(BUFLEN_FOR_INT, BUFLEN_FOR_DOUBLE)];
int prevStyle = -1;
xmlChar *val;
int styleLength = xmlLsCountNode(N_styleset)+1;
@@ -995,16 +1011,22 @@ void ABWOutputDev::createABW() {
//change styles to abiword format
xmlNodePtr N_cur, N_next;
xmlAttrPtr N_prop;
- char buf[500];
for (N_cur = N_styleset->children; N_cur; N_cur = N_cur->next){
+ char *font = (char *)xmlGetProp(N_cur,BAD_CAST "font");
+ char *bold = (char *)xmlGetProp(N_cur,BAD_CAST "bold");
+ char *italic = (char *)xmlGetProp(N_cur,BAD_CAST "italic");
+ char buf[278 + BUFLEN_FOR_INT + 12 + strlen(font) + 1 + 12 + strlen(bold) + 1 + 12 + strlen(italic) + 1];
+
sprintf(buf,"margin-top:0pt; color:000000; margin-left:0pt; text-position:normal; widows:2; text-indent:0in; font-variant:normal; margin-right:0pt; lang:nl-NL; line-height:1.0; font-size:%dpt; text-decoration:none; margin-bottom:0pt; bgcolor:transparent; text-align:left; font-stretch:normal;",int(xmlXPathCastStringToNumber(xmlGetProp(N_cur,BAD_CAST "size"))));
strncat(buf,"font-family:",12);
- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "font"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "font")));
+ strncat(buf,font,strlen(font));
strncat(buf,";",1);
strncat(buf,"font-weight:",12);
- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "bold"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "bold")));
+ strncat(buf,bold,strlen(bold));
+ strncat(buf,";",1);
strncat(buf,"font-style:",12);
- strncat(buf,(char *)xmlGetProp(N_cur,BAD_CAST "italic"),strlen((char *)xmlGetProp(N_cur,BAD_CAST "italic")));
+ strncat(buf,italic,strlen(italic));
+ strncat(buf,";",1);
xmlSetProp(N_cur, BAD_CAST "props", BAD_CAST buf);
N_prop = xmlHasProp(N_cur, BAD_CAST "id");
if (N_prop != NULL) xmlRemoveProp(N_prop);
@@ -1036,7 +1058,6 @@ void ABWOutputDev::createABW() {
}
void ABWOutputDev::transformPage(xmlNodePtr N_parent){
- char buf[60];
xmlNodePtr N_cur, N_curLine, N_curText, N_curWord, text, space;
//translate the nodes into abiword nodes
if (xmlStrcasecmp(N_parent->name,BAD_CAST "page") == 0){
@@ -1085,6 +1106,7 @@ void ABWOutputDev::transformPage(xmlNode
xmlNewChild(N_text, NULL, BAD_CAST "cbr", NULL);
}
if (xmlStrcasecmp(N_parent->name,BAD_CAST "colset") == 0){
+ char buf[strlen("columns:") + BUFLEN_FOR_INT];
//fprintf(stderr,"Found a colset\n");
//create new section columns: count childNodes of N_cur
//recurse through chunks and create textNodes
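Review bot: In the createABW hunk of this patch, `font`, `bold` and `italic` are taken straight from `xmlGetProp`, which returns NULL when the attribute is absent, and the next line calls `strlen` on each of them to size `buf`, so a style node missing any one attribute crashes before anything is copied. A guard placed between the three lookups and the `buf` declaration would cover it, e.g. `if (!font || !bold || !italic) { xmlFree(font); xmlFree(bold); xmlFree(italic); continue; }`, and the three strings should also be released with `xmlFree` at the end of the loop body, which continues outside the hunk. `buf` is now a variable-length array whose size depends on attribute strings that presumably originate from the input document, so a very long font name trades the fixed-buffer overflow for stack exhaustion; a heap buffer of the same computed size would be safer, since the `strncat(buf, x, strlen(x))` calls provide no bound of their own. Separately, updateFont's buffer shrinks from 160 bytes to `BUFLEN_FOR_INT` and its body is not visible in the hunk, so it is worth confirming that every write into it is a single `%d`.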
01_revert_abi_change.patch
02_autohinting_abi_compatibility.patch
03_CVE-2009-3938.patch