!45 fix CVE-2022-38784

From: @zhouwenpei Reviewed-by: @t_feng Signed-off-by: @t_feng
2022-09-07 01:52:59 +00:00 · 2022-09-07 01:52:59 +00:00 · 6fc4e10985
commit 6fc4e10985
parent 01d64842a7 5316d65692
2 changed files with 42 additions and 1 deletions
--- a/backport-CVE-2022-38784.patch
+++ b/backport-CVE-2022-38784.patch
@ -0,0 +1,36 @@
+From 27354e9d9696ee2bc063910a6c9a6b27c5184a52 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 25 Aug 2022 00:14:22 +0200
+Subject: [PATCH] JBIG2Stream: Fix crash on broken file
+
+https://github.com/jeffssh/CVE-2021-30860
+
+Thanks to David Warren for the heads up
+
+---
+ poppler/JBIG2Stream.cc | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
+index 25df3db..5a52f2d 100644
+--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
+@@ -2083,7 +2083,14 @@ void JBIG2Stream::readTextRegionSeg(Guint segNum, GBool imm,
+   for (i = 0; i < nRefSegs; ++i) {
+     if ((seg = findSegment(refSegs[i]))) {
+       if (seg->getType() == jbig2SegSymbolDict) {
+-	numSyms += ((JBIG2SymbolDict *)seg)->getSize();
+       Guint segSize = ((JBIG2SymbolDict *)seg)->getSize();
+       if (segSize > INT_MAX || numSyms > INT_MAX - segSize) {
+         error(errSyntaxError, getPos(),
+               "Too many symbols in JBIG2 text region");
+         delete codeTables;
+         return;
+       }
+       numSyms += segSize;
+       } else if (seg->getType() == jbig2SegCodeTable) {
+ 	codeTables->append(seg);
+       }
+-- 
+1.8.3.1
+
--- a/poppler.spec
+++ b/poppler.spec
@ -3,7 +3,7 @@
 
 Name:           poppler
 Version:        0.67.0
-Release:        7
+Release:        8
 Summary:        Poppler is a PDF rendering library based on the xpdf-3.0 code base
 License:        (GPLv2 or GPLv3) and GPLv2+ and LGPLv2+ and MIT
 URL:            https://poppler.freedesktop.org/
@ -37,6 +37,8 @@ Patch6016:      backport-CVE-2019-14494.patch
 Patch6017:      backport-CVE-2019-7310.patch
 Patch6018:      backport-CVE-2019-12293.patch
 Patch6019:      backport-CVE-2020-27778.patch
+Patch6020:      backport-CVE-2022-38784.patch
+


 BuildRequires:  cmake gcc-c++ gettext-devel qt5-qtbase-devel qt-devel cairo-devel fontconfig-devel 
@ -246,6 +248,9 @@ test "$(pkg-config --modversion poppler-splash)" = "%{version}"
 %{_mandir}/man1/*

 %changelog
+* Wed Sep 07 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 0.67.0-8
+- fix CVE-2022-38784
+
 * Wed Sep 29 2021 yangcheng <yangcheng87@huawei.com> - 0.67.0-7
 - Type:CVE
 - Id:CVE-2019-12293 CVE-2020-27778