authorStefan Schweizer <genstef@gentoo.org>2007-02-10 20:31:55 +0000
committerStefan Schweizer <genstef@gentoo.org>2007-02-10 20:31:55 +0000
commita093e5ddbf8056e59a07fcd0eef4c3b5a5d85f90 (patch)
treebd8bb071e868db3104ea2c81af1e665c3a19dd6f /app-text/poppler/files
parentRemove old version. (diff)
Add patch for security bug 162460
Package-Manager: portage-2.1.2-r7
Diffstat (limited to 'app-text/poppler/files')
-rw-r--r--app-text/poppler/files/004_CVE-2007-0104.patch63
-rw-r--r--app-text/poppler/files/digest-poppler-0.5.4-r13
2 files changed, 66 insertions, 0 deletions
diff --git a/app-text/poppler/files/004_CVE-2007-0104.patch b/app-text/poppler/files/004_CVE-2007-0104.patch
new file mode 100644
index 000000000000..1019b4f3efce
--- /dev/null
+++ b/app-text/poppler/files/004_CVE-2007-0104.patch
@@ -0,0 +1,63 @@
+diff -Nur poppler-0.5.4/poppler/Catalog.cc poppler-0.5.4.new/poppler/Catalog.cc
+--- poppler-0.5.4/poppler/Catalog.cc 2006-09-13 17:10:52.000000000 +0200
++++ poppler-0.5.4.new/poppler/Catalog.cc 2007-01-16 17:57:43.000000000 +0100
+@@ -26,6 +26,12 @@
+ #include "UGooString.h"
+ #include "Catalog.h"
+
++// This define is used to limit the depth of recursive readPageTree calls
++// This is needed because the page tree nodes can reference their parents
++// leaving us in an infinite loop
++// Most sane pdf documents don't have a call depth higher than 10
++#define MAX_CALL_DEPTH 1000
++
+ //------------------------------------------------------------------------
+ // Catalog
+ //------------------------------------------------------------------------
+@@ -75,7 +81,7 @@
+ pageRefs[i].num = -1;
+ pageRefs[i].gen = -1;
+ }
+- numPages = readPageTree(pagesDict.getDict(), NULL, 0);
++ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
+ if (numPages != numPages0) {
+ error(-1, "Page count in top-level pages object is incorrect");
+ }
+@@ -217,7 +223,7 @@
+ return s;
+ }
+
+-int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
++int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
+ Object kids;
+ Object kid;
+ Object kidRef;
+@@ -262,9 +268,13 @@
+ // This should really be isDict("Pages"), but I've seen at least one
+ // PDF file where the /Type entry is missing.
+ } else if (kid.isDict()) {
+- if ((start = readPageTree(kid.getDict(), attrs1, start))
+- < 0)
+- goto err2;
++ if (callDepth > MAX_CALL_DEPTH) {
++ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
++ } else {
++ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
++ < 0)
++ goto err2;
++ }
+ } else {
+ error(-1, "Kid object (page %d) is wrong type (%s)",
+ start+1, kid.getTypeName());
+diff -Nur poppler-0.5.4/poppler/Catalog.h poppler-0.5.4.new/poppler/Catalog.h
+--- poppler-0.5.4/poppler/Catalog.h 2006-01-23 15:43:36.000000000 +0100
++++ poppler-0.5.4.new/poppler/Catalog.h 2007-01-16 17:58:09.000000000 +0100
+@@ -193,7 +193,7 @@
+ PageMode pageMode; // page mode
+ PageLayout pageLayout; // page layout
+
+- int readPageTree(Dict *pages, PageAttrs *attrs, int start);
++ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
+ Object *findDestInTree(Object *tree, GooString *name, Object *obj);
+ };
+
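Review bot: The `callDepth > MAX_CALL_DEPTH` check in the `kid.isDict()` branch caps how deep readPageTree recurses, but not how many calls are made in total. The loop over the Kids array is outside this hunk, so this is inferred: if a node refers back to an ancestor from more than one kid entry, the call count can multiply at every level long before depth 1000 is reached, and the parser would still appear to hang. Since the added comment says sane documents stay under a depth of 10, a much tighter limit such as `#define MAX_CALL_DEPTH 100` would shrink that window; recording the object numbers of page-tree nodes already visited and refusing to re-enter one would reject the cycle itself. Separately, when the limit is hit the branch only calls error() and carries on, so the caller receives a partial page count rather than a failure; if `err2` (its label is not visible here) is the function's failure exit, taking it there would make the rejection explicit.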
diff --git a/app-text/poppler/files/digest-poppler-0.5.4-r1 b/app-text/poppler/files/digest-poppler-0.5.4-r1
new file mode 100644
index 000000000000..3cf1476067e6
--- /dev/null
+++ b/app-text/poppler/files/digest-poppler-0.5.4-r1
@@ -0,0 +1,3 @@
+MD5 053fdfd70533ecce1a06353fa945f061 poppler-0.5.4.tar.gz 1062401
+RMD160 f28c89b03388757067505df3c60a1d878626b0dd poppler-0.5.4.tar.gz 1062401
+SHA256 ca0f880a4ff07391e99b443f0e7c9860241df6a6aaa327b9d811b358d94a29c9 poppler-0.5.4.tar.gz 1062401