summary refs log tree commit diff
path: root/gnu/packages/patches/poppler-CVE-2018-19149.patch
blob: 3641f5f0782d55379295b6d1a6c237526faaef3f (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
Fix CVE-2018-19149:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19149
https://gitlab.freedesktop.org/poppler/poppler/issues/664

Patch copied from upstream source repository:

https://gitlab.freedesktop.org/poppler/poppler/commit/f162ecdea0dda5dbbdb45503c1d55d9afaa41d44

From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Fri, 20 Apr 2018 11:38:13 +0200
Subject: [PATCH] Fix crash on missing embedded file

Check whether an embedded file is actually present in the PDF
and show warning in that case.

https://bugs.freedesktop.org/show_bug.cgi?id=106137
https://gitlab.freedesktop.org/poppler/poppler/issues/236
---
 glib/poppler-attachment.cc | 26 +++++++++++++++++---------
 glib/poppler-document.cc   |  3 ++-
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc
index c6502e9d..11ba5bb5 100644
--- a/glib/poppler-attachment.cc
+++ b/glib/poppler-attachment.cc
@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file)
     attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ());
 
   embFile = emb_file->getEmbeddedFile();
-  attachment->size = embFile->size ();
+  if (embFile != NULL && embFile->streamObject()->isStream())
+    {
+      attachment->size = embFile->size ();
 
-  if (embFile->createDate ())
-    _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
-  if (embFile->modDate ())
-    _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
+      if (embFile->createDate ())
+        _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
+      if (embFile->modDate ())
+        _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
 
-  if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
-    attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
-                                             embFile->checksum ()->getLength ());
-  priv->obj_stream = embFile->streamObject()->copy();
+      if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
+        attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
+                                                 embFile->checksum ()->getLength ());
+      priv->obj_stream = embFile->streamObject()->copy();
+    }
+  else
+    {
+      g_warning ("Missing stream object for embedded file");
+      g_clear_object (&attachment);
+    }
 
   return attachment;
 }
diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc
index 83f6aea6..ea319344 100644
--- a/glib/poppler-document.cc
+++ b/glib/poppler-document.cc
@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document)
       attachment = _poppler_attachment_new (emb_file);
       delete emb_file;
 
-      retval = g_list_prepend (retval, attachment);
+      if (attachment != NULL)
+        retval = g_list_prepend (retval, attachment);
     }
   return g_list_reverse (retval);
 }
-- 
2.19.1