diff options
author | B. Watson <yalhcru@gmail.com> | 2014-02-25 08:02:21 +0700 |
---|---|---|
committer | Willy Sudiarto Raharjo <willysr@slackbuilds.org> | 2014-02-25 08:20:33 +0700 |
commit | 4b6d7eae729f9f3ed6d8bbe2b7de4cc5873c97a2 (patch) | |
tree | f7566979c573b07f6fdbd0e57e01dbf2dabf4f0e /office/mupdf/xps_parse_color_overflow_fix.diff | |
parent | 83fb4c734785db4ca563d653461510fcfb79e1f4 (diff) | |
download | slackbuilds-4b6d7eae729f9f3ed6d8bbe2b7de4cc5873c97a2.tar.gz slackbuilds-4b6d7eae729f9f3ed6d8bbe2b7de4cc5873c97a2.tar.xz |
office/mupdf: Fixed CVE-2014-2013.
Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
Diffstat (limited to 'office/mupdf/xps_parse_color_overflow_fix.diff')
-rw-r--r-- | office/mupdf/xps_parse_color_overflow_fix.diff | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/office/mupdf/xps_parse_color_overflow_fix.diff b/office/mupdf/xps_parse_color_overflow_fix.diff new file mode 100644 index 0000000000..3995b665cc --- /dev/null +++ b/office/mupdf/xps_parse_color_overflow_fix.diff @@ -0,0 +1,60 @@ +diff -Naur mupdf-1.2-source/xps/xps_common.c mupdf-1.2-source.patched/xps/xps_common.c +--- mupdf-1.2-source/xps/xps_common.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_common.c 2014-02-24 15:25:35.000000000 -0500 +@@ -89,7 +89,7 @@ + if (scb_color_att) + { + fz_colorspace *colorspace; +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + xps_parse_color(doc, base_uri, scb_color_att, &colorspace, samples); + opacity = opacity * samples[0]; + } +@@ -273,6 +273,11 @@ + + *p++ = 0; + n = count_commas(p) + 1; ++ if (n > FZ_MAX_COLORS) ++ { ++ fz_warn(doc->ctx, "ignoring %d color components (max %d allowed)", n - FZ_MAX_COLORS, FZ_MAX_COLORS); ++ n = FZ_MAX_COLORS; ++ } + i = 0; + while (i < n) + { +diff -Naur mupdf-1.2-source/xps/xps_glyphs.c mupdf-1.2-source.patched/xps/xps_glyphs.c +--- mupdf-1.2-source/xps/xps_glyphs.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_glyphs.c 2014-02-24 15:25:57.000000000 -0500 +@@ -591,7 +591,7 @@ + + if (fill_att) + { +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + fz_colorspace *colorspace; + + xps_parse_color(doc, base_uri, fill_att, &colorspace, samples); +diff -Naur mupdf-1.2-source/xps/xps_gradient.c mupdf-1.2-source.patched/xps/xps_gradient.c +--- mupdf-1.2-source/xps/xps_gradient.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_gradient.c 2014-02-24 15:26:30.000000000 -0500 +@@ -38,7 +38,7 @@ + struct stop *stops, int maxcount) + { + fz_colorspace *colorspace; +- float sample[8]; ++ float sample[FZ_MAX_COLORS]; + float rgb[3]; + int before, after; + int count; +diff -Naur mupdf-1.2-source/xps/xps_path.c mupdf-1.2-source.patched/xps/xps_path.c +--- mupdf-1.2-source/xps/xps_path.c 2013-02-13 15:25:08.000000000 -0500 ++++ mupdf-1.2-source.patched/xps/xps_path.c 2014-02-24 15:27:07.000000000 -0500 +@@ -826,7 +826,7 @@ + + fz_stroke_state *stroke = NULL; + fz_matrix transform; +- float samples[32]; ++ float samples[FZ_MAX_COLORS]; + fz_colorspace *colorspace; + fz_path *path; + fz_path *stroke_path = NULL; |