diff options
Diffstat (limited to 'nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch')
-rw-r--r-- | nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch b/nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch new file mode 100644 index 000000000000..ef1905338fba --- /dev/null +++ b/nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch @@ -0,0 +1,39 @@ +commit b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f +Author: Leon Bottou <leon@bottou.org> +Date: Tue Mar 26 20:45:46 2019 -0400 + + fix for bug #297 + +diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp +index 0a0fac6..5a49015 100644 +--- a/libdjvu/DjVmDir.cpp ++++ b/libdjvu/DjVmDir.cpp +@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr) + { + GP<File> file=files_list[pos]; + if (ptr >= (const char*)strings + strings_size) +- G_THROW( "DjVu document is corrupted (DjVmDir)" ); ++ G_THROW( ByteStream::EndOfFile ); + file->id=ptr; + ptr+=file->id.length()+1; + if (file->flags & File::HAS_NAME) +diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp +index 0e487f0..c2fdbe4 100644 +--- a/libdjvu/GBitmap.cpp ++++ b/libdjvu/GBitmap.cpp +@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs) + int c = 0; + while (n >= 0) + { +- bs.read(&h, 1); ++ if (bs.read(&h, 1) <= 0) ++ G_THROW( ByteStream::EndOfFile ); + int x = h; + if (x >= (int)RUNOVERFLOWVALUE) + { +- bs.read(&h, 1); ++ if (bs.read(&h, 1) <= 0) ++ G_THROW( ByteStream::EndOfFile ); + x = h + ((x - (int)RUNOVERFLOWVALUE) << 8); + } + if (c+x > ncolumns) |