1 files changed, 39 insertions, 0 deletions

diff --git a/nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch b/nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch
new file mode 100644
index 000000000000..ef1905338fba
--- /dev/null
+++ b/nixpkgs/pkgs/applications/misc/djvulibre/CVE-2019-15143.patch
@@ -0,0 +1,39 @@
+commit b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f
+Author: Leon Bottou <leon@bottou.org>
+Date:   Tue Mar 26 20:45:46 2019 -0400
+
+    fix for bug #297
+
+diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
+index 0a0fac6..5a49015 100644
+--- a/libdjvu/DjVmDir.cpp
++++ b/libdjvu/DjVmDir.cpp
+@@ -309,7 +309,7 @@ DjVmDir::decode(const GP<ByteStream> &gstr)
+       {
+          GP<File> file=files_list[pos];
+          if (ptr >= (const char*)strings + strings_size)
+-           G_THROW( "DjVu document is corrupted (DjVmDir)" );
++           G_THROW( ByteStream::EndOfFile );
+          file->id=ptr;
+          ptr+=file->id.length()+1;
+          if (file->flags & File::HAS_NAME)
+diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
+index 0e487f0..c2fdbe4 100644
+--- a/libdjvu/GBitmap.cpp
++++ b/libdjvu/GBitmap.cpp
+@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs)
+   int c = 0;
+   while (n >= 0)
+     {
+-      bs.read(&h, 1);
++      if (bs.read(&h, 1) <= 0)
++        G_THROW( ByteStream::EndOfFile );
+       int x = h;
+       if (x >= (int)RUNOVERFLOWVALUE)
+         {
+-          bs.read(&h, 1);
++          if (bs.read(&h, 1) <= 0)
++            G_THROW( ByteStream::EndOfFile );
+           x = h + ((x - (int)RUNOVERFLOWVALUE) << 8);
+         }
+       if (c+x > ncolumns)