packages/poppler
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!107 [sync] PR-104: fix CVE-2024-56378

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng
This commit is contained in:
openeuler-ci-bot 2024-12-24 11:14:52 +00:00 committed by Gitee
commit c033ee74db
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 78 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
backport-CVE-2024-56378.patch Normal file
View File

@ -0,0 +1,73 @@
From ade9b5ebed44b0c15522c27669ef6cdf93eff84e Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Tue, 17 Dec 2024 18:59:01 +0100
Subject: [PATCH] JBIG2Bitmap::combine: Fix crash on malformed files
Fixes #1553
---
poppler/JBIG2Stream.cc | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index f482a123f..b2f96e149 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -762,7 +762,7 @@ void JBIG2Bitmap::duplicateRow(int yDest, int ySrc)
void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp)
{
- int x0, x1, y0, y1, xx, yy;
+ int x0, x1, y0, y1, xx, yy, yyy;
unsigned char *srcPtr, *destPtr;
unsigned int src0, src1, src, dest, s1, s2, m1, m2, m3;
bool oneByte;
@@ -809,14 +809,17 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
oneByte = x0 == ((x1 - 1) & ~7);
for (yy = y0; yy < y1; ++yy) {
- if (unlikely((y + yy >= h) || (y + yy < 0))) {
+ if (unlikely(checkedAdd(y, yy, &yyy))) {
+ continue;
+ }
+ if (unlikely((yyy >= h) || (yyy < 0))) {
continue;
}
// one byte per line -- need to mask both left and right side
if (oneByte) {
if (x >= 0) {
- destPtr = data + (y + yy) * line + (x >> 3);
+ destPtr = data + yyy * line + (x >> 3);
srcPtr = bitmap->data + yy * bitmap->line;
dest = *destPtr;
src1 = *srcPtr;
@@ -839,7 +842,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
}
*destPtr = dest;
} else {
- destPtr = data + (y + yy) * line;
+ destPtr = data + yyy * line;
srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
dest = *destPtr;
src1 = *srcPtr;
@@ -869,7 +872,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
// left-most byte
if (x >= 0) {
- destPtr = data + (y + yy) * line + (x >> 3);
+ destPtr = data + yyy * line + (x >> 3);
srcPtr = bitmap->data + yy * bitmap->line;
src1 = *srcPtr++;
dest = *destPtr;
@@ -893,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, unsigned int combOp
*destPtr++ = dest;
xx = x0 + 8;
} else {
- destPtr = data + (y + yy) * line;
+ destPtr = data + yyy * line;
srcPtr = bitmap->data + yy * bitmap->line + (-x >> 3);
src1 = *srcPtr++;
xx = x0;
--
GitLab

6
poppler.spec
View File

@ -8,7 +8,7 @@
Name: poppler Name: poppler
Version: 23.12.0 Version: 23.12.0
Release: 3 Release: 4
Summary: PDF rendering library Summary: PDF rendering library
License: GPLv2+ and LGPLv2+ and MIT License: GPLv2+ and LGPLv2+ and MIT
URL: http://poppler.freedesktop.org/ URL: http://poppler.freedesktop.org/
@ -19,6 +19,7 @@ Patch1: poppler-0.90.0-position-independent-code.patch
Patch3: poppler-21.01.0-glib-introspection.patch Patch3: poppler-21.01.0-glib-introspection.patch
Patch6000: backport-CVE-2024-6239.patch Patch6000: backport-CVE-2024-6239.patch
Patch6001: backport-CVE-2024-56378.patch
BuildRequires: make BuildRequires: make
BuildRequires: cmake BuildRequires: cmake
@ -262,6 +263,9 @@ test "$(pkg-config --modversion poppler-qt6)" = "%{version}"
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Mon Dec 23 2024 Funda Wang <fundawang@yeah.net> - 23.12.0-4
- fix CVE-2024-56378
* Tue Jun 25 2024 lingsheng <lingsheng1@h-partners.com> - 23.12.0-3 * Tue Jun 25 2024 lingsheng <lingsheng1@h-partners.com> - 23.12.0-3
- Type:CVE - Type:CVE
- CVE:CVE-2024-6239 - CVE:CVE-2024-6239