!38 fix stack-overflow in process_incl_chunk

Merge pull request !38 from 莫得感情的打包机器人/openEuler-20.03-LTS-SP3

djvulibre.spec

@@ -1,7 +1,7 @@
 Name:             djvulibre
 Summary:          An open source (GPL'ed) implementation of DjVu
 Version:          3.5.27
-Release:          18
+Release:          19
 License:          GPLv2+
 URL:              http://djvu.sourceforge.net/
 Source0:          http://downloads.sourceforge.net/djvu/djvulibre-%{version}.tar.gz
@@ -18,6 +18,7 @@ Patch9:           CVE-2021-32490.patch
 Patch10:          CVE-2021-32491.patch
 Patch11:          CVE-2021-32492.patch
 Patch12:          CVE-2021-3630.patch
+Patch13:          fix-stack-overflow-in-process_incl_chunk.patch
 
 Requires(post):   xdg-utils
 Requires(preun):  xdg-utils
@@ -101,6 +102,9 @@ rm -f %{_datadir}/icons/hicolor/32x32/apps/djvulibre-djview3.png || :
 %{_mandir}/man1/*
 
 %changelog
+* Mon Feb 07 2022 herengui <herengui@uniontech.com> - 3.5.27-19
+- fix stack-overflow in process_incl_chunk
+
 * Wed Jul 07 2021 wangyue<wangyue92@huawei.com> - 3.5.27-18
 - Fix CVE-2021-3630
 

fix-stack-overflow-in-process_incl_chunk.patch

@@ -0,0 +1,27 @@
+From dddf5d485e534c1f70d795ff37a0b2dba42e442a Mon Sep 17 00:00:00 2001
+From: herengui <herengui@uniontech.com>
+Date: Mon, 7 Feb 2022 10:26:11 +0800
+Subject: [PATCH] fix stack-overflow in process_incl_chunk
+
+Signed-off-by: herengui <herengui@uniontech.com>
+---
+ libdjvu/DjVuFile.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libdjvu/DjVuFile.cpp b/libdjvu/DjVuFile.cpp
+index d5be2e5..e9deef9 100644
+--- a/libdjvu/DjVuFile.cpp
++++ b/libdjvu/DjVuFile.cpp
+@@ -566,6 +566,9 @@ DjVuFile::process_incl_chunk(ByteStream & str, int file_num)
+     incl_str.setat(incl_str.length()-1, 0);
+   }
+   
++  if (!incl_str.is_valid())
++    return 0;
++
+   if (incl_str.length()>0)
+   {
+     if (strchr(incl_str, '/'))
+-- 
+2.20.1
+