Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/desktop/poppler/patches/poppler-09-heap-overflow.patch
changeset 6408 3c9262a98d5d
parent 6407 233620acc9da
child 6409 a57c61602ca6 
--- a/components/desktop/poppler/patches/poppler-09-heap-overflow.patch	Wed Jul 13 09:59:57 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
-Fix for heap overflow problem reported on the oss-security mailing list
-on 11th April 2016. The poppler library is used in evince and okular and
-for preview in nautilus. Versions pre 0.40.0 are vulnerable.
-
-Fix is commited upstream. See:
-
-https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
-
-This patch intentionally adjusted (i.e. "errSyntaxError," removed) to compile
-with the prehistoric version of poppler that we currently have.
-
---- poppler-0.14.4/poppler/Function.cc.orig	2016-04-12 06:57:55.110746573 -0700
-+++ poppler-0.14.4/poppler/Function.cc	2016-04-12 07:19:00.683035273 -0700
-@@ -472,6 +472,10 @@
-       goto err2;
-     }
-     n = obj1.arrayGetLength();
-+    if (unlikely(n > funcMaxOutputs)) {
-+      error(-1, "Function's C0 array is wrong length");
-+      n = funcMaxOutputs;
-+    }
-     for (i = 0; i < n; ++i) {
-       obj1.arrayGet(i, &obj2);
-       if (!obj2.isNum()) {
upstream/oracle/userland-gate