summary refs log tree commit diff
path: root/gnu/packages/patches/poppler-CVE-2017-9776.patch
blob: 17a2807171d70efd2388fd0bbac5f693ab120d3c (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
Fix CVE-2017-9776:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9776
https://bugs.freedesktop.org/show_bug.cgi?id=101541

Patch copied from upstream source repository:

https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc

From 55db66c69fd56826b8523710046deab1a8d14ba2 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 21 Jun 2017 00:55:20 +0200
Subject: [PATCH] Fix crash in malformed documents

---
 poppler/JBIG2Stream.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 48535883..d89108c8 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y,
   oneByte = x0 == ((x1 - 1) & ~7);
 
   for (yy = y0; yy < y1; ++yy) {
-    if (unlikely(y + yy) >= h)
+    if (unlikely((y + yy >= h) || (y + yy < 0)))
       continue;
 
     // one byte per line -- need to mask both left and right side
-- 
2.13.2