summary refs log tree commit diff
path: root/gnu/packages/patches/mupdf-CVE-2017-14687.patch
blob: cdc41df813be1bede376f4c2f26ac69cf4f40fb8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
Fix CVE-2017-14687:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14687

Patch copied from upstream source repository:

https://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28

From 2b16dbd8f73269cb15ca61ece75cf8d2d196ed28 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 17:17:12 +0200
Subject: [PATCH] Fix 698558: Handle non-tags in tag name comparisons.

Use fz_xml_is_tag instead of fz_xml_tag && !strcmp idiom.
---
 source/html/css-apply.c   | 2 +-
 source/svg/svg-run.c      | 2 +-
 source/xps/xps-common.c   | 6 +++---
 source/xps/xps-glyphs.c   | 2 +-
 source/xps/xps-path.c     | 4 ++--
 source/xps/xps-resource.c | 2 +-
 6 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/source/html/css-apply.c b/source/html/css-apply.c
index de55490..6a91df0 100644
--- a/source/html/css-apply.c
+++ b/source/html/css-apply.c
@@ -328,7 +328,7 @@ match_selector(fz_css_selector *sel, fz_xml *node)
 
 	if (sel->name)
 	{
-		if (strcmp(sel->name, fz_xml_tag(node)))
+		if (!fz_xml_is_tag(node, sel->name))
 			return 0;
 	}
 
diff --git a/source/svg/svg-run.c b/source/svg/svg-run.c
index f974c67..5302c64 100644
--- a/source/svg/svg-run.c
+++ b/source/svg/svg-run.c
@@ -1044,7 +1044,7 @@ svg_run_use(fz_context *ctx, fz_device *dev, svg_document *doc, fz_xml *root, co
 		fz_xml *linked = fz_tree_lookup(ctx, doc->idmap, xlink_href_att + 1);
 		if (linked)
 		{
-			if (!strcmp(fz_xml_tag(linked), "symbol"))
+			if (fz_xml_is_tag(linked, "symbol"))
 				svg_run_use_symbol(ctx, dev, doc, root, linked, &local_state);
 			else
 				svg_run_element(ctx, dev, doc, linked, &local_state);
diff --git a/source/xps/xps-common.c b/source/xps/xps-common.c
index cc7fed9..f2f9b93 100644
--- a/source/xps/xps-common.c
+++ b/source/xps/xps-common.c
@@ -47,7 +47,7 @@ xps_parse_brush(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, const
 	else if (fz_xml_is_tag(node, "RadialGradientBrush"))
 		xps_parse_radial_gradient_brush(ctx, doc, ctm, area, base_uri, dict, node);
 	else
-		fz_warn(ctx, "unknown brush tag: %s", fz_xml_tag(node));
+		fz_warn(ctx, "unknown brush tag");
 }
 
 void
@@ -85,7 +85,7 @@ xps_begin_opacity(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, cons
 	if (opacity_att)
 		opacity = fz_atof(opacity_att);
 
-	if (opacity_mask_tag && !strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
+	if (fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
 	{
 		char *scb_opacity_att = fz_xml_att(opacity_mask_tag, "Opacity");
 		char *scb_color_att = fz_xml_att(opacity_mask_tag, "Color");
@@ -129,7 +129,7 @@ xps_end_opacity(fz_context *ctx, xps_document *doc, char *base_uri, xps_resource
 
 	if (opacity_mask_tag)
 	{
-		if (strcmp(fz_xml_tag(opacity_mask_tag), "SolidColorBrush"))
+		if (!fz_xml_is_tag(opacity_mask_tag, "SolidColorBrush"))
 			fz_pop_clip(ctx, dev);
 	}
 }
diff --git a/source/xps/xps-glyphs.c b/source/xps/xps-glyphs.c
index 29dc5b3..5b26d78 100644
--- a/source/xps/xps-glyphs.c
+++ b/source/xps/xps-glyphs.c
@@ -592,7 +592,7 @@ xps_parse_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ctm,
 
 	/* If it's a solid color brush fill/stroke do a simple fill */
 
-	if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
+	if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
 	{
 		fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
 		fill_att = fz_xml_att(fill_tag, "Color");
diff --git a/source/xps/xps-path.c b/source/xps/xps-path.c
index 6faeb0c..021d202 100644
--- a/source/xps/xps-path.c
+++ b/source/xps/xps-path.c
@@ -879,14 +879,14 @@ xps_parse_path(fz_context *ctx, xps_document *doc, const fz_matrix *ctm, char *b
 	if (!data_att && !data_tag)
 		return;
 
-	if (fill_tag && !strcmp(fz_xml_tag(fill_tag), "SolidColorBrush"))
+	if (fz_xml_is_tag(fill_tag, "SolidColorBrush"))
 	{
 		fill_opacity_att = fz_xml_att(fill_tag, "Opacity");
 		fill_att = fz_xml_att(fill_tag, "Color");
 		fill_tag = NULL;
 	}
 
-	if (stroke_tag && !strcmp(fz_xml_tag(stroke_tag), "SolidColorBrush"))
+	if (fz_xml_is_tag(stroke_tag, "SolidColorBrush"))
 	{
 		stroke_opacity_att = fz_xml_att(stroke_tag, "Opacity");
 		stroke_att = fz_xml_att(stroke_tag, "Color");
diff --git a/source/xps/xps-resource.c b/source/xps/xps-resource.c
index c2292e6..8e81ab8 100644
--- a/source/xps/xps-resource.c
+++ b/source/xps/xps-resource.c
@@ -84,7 +84,7 @@ xps_parse_remote_resource_dictionary(fz_context *ctx, xps_document *doc, char *b
 	if (!xml)
 		return NULL;
 
-	if (strcmp(fz_xml_tag(xml), "ResourceDictionary"))
+	if (!fz_xml_is_tag(xml, "ResourceDictionary"))
 	{
 		fz_drop_xml(ctx, xml);
 		fz_throw(ctx, FZ_ERROR_GENERIC, "expected ResourceDictionary element");
-- 
2.9.1