packages/poppler
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!46 fix CVE-2022-27337

Browse Source 
From: @zppzhangpan 
Reviewed-by: @yanan-rock 
Signed-off-by: @yanan-rock
This commit is contained in:
openeuler-ci-bot 2023-03-15 06:22:41 +00:00 committed by Gitee
commit 3635d94c7d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 77 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
backport-CVE-2022-27337.patch Normal file
View File

@ -0,0 +1,68 @@
From 81044c64b9ed9a10ae82a28bac753060bdfdac74 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 15 Mar 2022 15:14:32 +0100
Subject: [PATCH] Hints::readTables: bail out if we run out of file when
reading
Fixes #1230
Reference:https://gitlab.freedesktop.org/poppler/poppler/-/commit/81044c64b9ed9a10ae82a28bac753060bdfdac74
Conflict:NA
---
poppler/Hints.cc | 24 +++++++++++++++++-------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/poppler/Hints.cc b/poppler/Hints.cc
index 79f040888..4707e1c69 100644
--- a/poppler/Hints.cc
+++ b/poppler/Hints.cc
@@ -5,7 +5,7 @@
// This file is licensed under the GPLv2 or later
//
// Copyright 2010, 2012, 2013 Hib Eris <hib@hiberis.nl>
-// Copyright 2010, 2011, 2013, 2014, 2016-2019, 2021 Albert Astals Cid <aacid@kde.org>
+// Copyright 2010, 2011, 2013, 2014, 2016-2019, 2021, 2022 Albert Astals Cid <aacid@kde.org>
// Copyright 2010, 2013 Pino Toscano <pino@kde.org>
// Copyright 2013 Adrian Johnson <ajohnson@redneon.com>
// Copyright 2014 Fabio D'Urso <fabiodurso@hotmail.it>
@@ -189,21 +189,31 @@ void Hints::readTables(BaseStream *str, Linearization *linearization, XRef *xref
char *p = &buf[0];
if (hintsOffset && hintsLength) {
- Stream *s = str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull));
+ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset, false, hintsLength, Object(objNull)));
s->reset();
for (unsigned int i = 0; i < hintsLength; i++) {
- *p++ = s->getChar();
+ const int c = s->getChar();
+ if (unlikely(c == EOF)) {
+ error(errSyntaxWarning, -1, "Found EOF while reading hints");
+ ok = false;
+ return;
+ }
+ *p++ = c;
}
- delete s;
}
if (hintsOffset2 && hintsLength2) {
- Stream *s = str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull));
+ std::unique_ptr<Stream> s(str->makeSubStream(hintsOffset2, false, hintsLength2, Object(objNull)));
s->reset();
for (unsigned int i = 0; i < hintsLength2; i++) {
- *p++ = s->getChar();
+ const int c = s->getChar();
+ if (unlikely(c == EOF)) {
+ error(errSyntaxWarning, -1, "Found EOF while reading hints2");
+ ok = false;
+ return;
+ }
+ *p++ = c;
}
- delete s;
}
MemStream *memStream = new MemStream(&buf[0], 0, bufLength, Object(objNull));
--
GitLab

10
poppler.spec
View File

@ -4,7 +4,7 @@
Name: poppler Name: poppler
Version: 22.01.0 Version: 22.01.0
Release: 2 Release: 3
Summary: PDF rendering library Summary: PDF rendering library
License: GPLv2+ and LGPLv2+ and MIT License: GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/ URL: http://poppler.freedesktop.org/
@ -15,6 +15,8 @@ Patch1: poppler-0.90.0-position-independent-code.patch
Patch3: poppler-21.01.0-glib-introspection.patch Patch3: poppler-21.01.0-glib-introspection.patch
Patch4: CVE-2022-38784.patch Patch4: CVE-2022-38784.patch
patch6000: backport-CVE-2022-27337.patch
BuildRequires: make BuildRequires: make
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
@ -249,6 +251,12 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Tue Mar 14 2023 zhangpan <zhangpan103@h-partners.com> - 22.01.0-3
- Type:CVE
- CVE:CVE-2022-27337
- SUG:NA
- DESC:fix CVE-2022-27337
* Tue Sep 06 2022 qz_cx <wangqingzheng@kylinos.cn> - 22.01.0-2 * Tue Sep 06 2022 qz_cx <wangqingzheng@kylinos.cn> - 22.01.0-2
- Type:CVE - Type:CVE
- CVE:CVE-2022-38784 - CVE:CVE-2022-38784