author | Leo Famulari <leo@famulari.name> | 2016-04-29 03:31:41 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2016-04-30 16:14:38 -0400 |
commit | e411ce186021540770c389ec13b7b5b42252c4bb (patch) | |
tree | 62264de11a87c1c3e9579d8647d4189be394fd82 /gnu/packages/patches | |
parent | c7794307f1bb99a68d93840a74fda7a64189a381 (diff) | |
download | guix-e411ce186021540770c389ec13b7b5b42252c4bb.tar.gz |
gnu: poppler: Fix CVE-2015-8868.
* gnu/packages/pdf.scm (poppler)[replacement]: New field. (poppler/fixed): New variable. * gnu/packages/patches/poppler-CVE-2015-8868.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/poppler-CVE-2015-8868.patch | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/gnu/packages/patches/poppler-CVE-2015-8868.patch b/gnu/packages/patches/poppler-CVE-2015-8868.patch
new file mode 100644
index 0000000000..ac78d32ffa
--- /dev/null
+++ b/gnu/packages/patches/poppler-CVE-2015-8868.patch
@@ -0,0 +1,30 @@
+Fixes CVE-2015-8868 (heap overflow).
+
+Upstream source:
+https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
+
+From b3425dd3261679958cd56c0f71995c15d2124433 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Tue, 22 Dec 2015 22:50:33 +0100
+Subject: Do not crash on invalid files
+
+Bug #93476
+
+diff --git a/poppler/Function.cc b/poppler/Function.cc
+index 67283df..ee5afc1 100644
+--- a/poppler/Function.cc
++++ b/poppler/Function.cc
+@@ -577,6 +577,10 @@ ExponentialFunction::ExponentialFunction(Object *funcObj, Dict *dict) {
+ goto err2;
+ }
+ n = obj1.arrayGetLength();
++ if (unlikely(n > funcMaxOutputs)) {
++ error(errSyntaxError, -1, "Function's C0 array is wrong length");
++ n = funcMaxOutputs;
++ }
+ for (i = 0; i < n; ++i) {
+ obj1.arrayGet(i, &obj2);
+ if (!obj2.isNum()) {
+--
+cgit v0.10.2
+
|
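Review bot: The added guard in the C0 branch of the ExponentialFunction constructor clamps `n` to `funcMaxOutputs` and keeps parsing, whereas the wrong-length case directly above it rejects the object with `goto err2`. For input already known to be malformed, rejecting is the more conservative choice, i.e. replacing `n = funcMaxOutputs;` with `goto err2;`. If the clamp is deliberate, a comment such as `// clamp so the copy loop below cannot store more than funcMaxOutputs values` would record why, since the loop's destination is not visible in this hunk. The clamped path also reuses the message "Function's C0 array is wrong length", so a log cannot tell it apart from the mismatch case above. The constructor starts and ends outside the hunk, so whether later length checks that depend on `n` still behave as intended after the clamp should be confirmed against the full file.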