From ad75ca50360f9590325f0f709c091832b70eab1d Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sat, 8 Oct 2022 01:28:43 +0100 Subject: gentoo auto-resync : 08:10:2022 - 01:28:43 --- app-text/mupdf/Manifest | 6 - app-text/mupdf/files/mupdf-1.18-Makefile.patch | 42 ------- .../mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch | 51 -------- .../mupdf/files/mupdf-1.18.0-cross-fixes.patch | 128 --------------------- app-text/mupdf/files/mupdf-1.18.0-darwin.patch | 41 ------- .../files/mupdf-1.18.0-fix-oob-in-pdf-layer.c | 102 ---------------- .../mupdf/files/mupdf-1.18.0-fix-oob-in-pixmap.c | 41 ------- 7 files changed, 411 deletions(-) delete mode 100644 app-text/mupdf/files/mupdf-1.18-Makefile.patch delete mode 100644 app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch delete mode 100644 app-text/mupdf/files/mupdf-1.18.0-cross-fixes.patch delete mode 100644 app-text/mupdf/files/mupdf-1.18.0-darwin.patch delete mode 100644 app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pdf-layer.c delete mode 100644 app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pixmap.c (limited to 'app-text/mupdf') diff --git a/app-text/mupdf/Manifest b/app-text/mupdf/Manifest index d019dba986a4..334677658eed 100644 --- a/app-text/mupdf/Manifest +++ b/app-text/mupdf/Manifest @@ -1,12 +1,6 @@ AUX mupdf-1.10a-add-desktop-pc-xpm-files.patch 13387 BLAKE2B e0100380b328cfd8ce6099c35886a6f2e9508f6d08c678dbc1386e88998d01bdacd160020dc6ceefffbe09f4cf2b64d08acfb76f8535ffcc0dc93c65a3a2da78 SHA512 1d6ccfccf785cca01b1a607e94f90a5e31c748154e9fa7664b9863c7b26951f17a584ffc7cd23dd83d1e547498e22c902067e9695006824017e69d33dbf25a5b AUX mupdf-1.15-CFLAGS.patch 376 BLAKE2B ace255a4110df9200d627ac68f5950218eeaa993bbd37fa7fe2d676572cad02d50a632750e6a9bdf6269cd97501f709d075a79d7db8b9832909b59b33251b594 SHA512 c00cd5cb30d33a9cbc55557cab3c4e2be1ae86121c5b1b28b6e35f97f93751aa2e96e106f13b7f365a56ebcce8e1c5e4163a440e8c85a48130803f5a7aec63ed AUX mupdf-1.15-openssl-x11.patch 668 BLAKE2B 40810d21718e0f30e47e3d61fc3c10442568565e519d2713f952fb11355fc532717ef2df40a074c0c79ed725d34e639e9fbde02694b5ae7a76ae9a9ef9a36acb SHA512 89cd9bbef7c7e920aacf1de4a513fb98199ff2f033818b617203a4517a2aeb7ad5ed4a3720ceb6dec370560d85759c973a7c15d9a47924d0c3d51cd3a9c6ad5b -AUX mupdf-1.18-Makefile.patch 1246 BLAKE2B e0054c441b067ef4aec069cb0fd4342f16919af51ac53096f20a2dbc87a81e2bece8478441df493d6825eedca53f4c9634cfe8724980da119d0ac20035a4d423 SHA512 def7524e0468ca15220b2d9c718ef61da4ce007c43f591ae3ad80afe55f86549985b1c5ec3d3d266045a0a6ca399580f8f4e001893d4feaabb7785a8a4df278e -AUX mupdf-1.18.0-CVE-2021-3407.patch 1597 BLAKE2B acd956c6b2c50f1699af32c264c38bc2bd7c6d07de2b3d52b28aa44d63766f6a3f5d95400b0d364c4baf3949022bba6e7be33ae7c33831308c2e006fe8d061f6 SHA512 c63da7cd1c245e7b10a6823998a42398981c16ec87d059779d14d44f2c5d87adcd58b0d7b758e6aa22c04f7cc68f3989b882456122ca1cc9d6cd0a5ae79ca21e -AUX mupdf-1.18.0-cross-fixes.patch 5830 BLAKE2B e91e41b4889f2716d20b112b18924799db5d21274feb3699f2bca04fd3d93528d86e2ef05ccf25d1a0800e81a333d0703f837d45fef926746aeec1ece60c6ced SHA512 0e7a91474c3f31a5d5f7ddc461d74f1bc0cc8de7eb7bedbaa0f6335a6038327f5c7261d16baade5dba567b3d1ad49adf7a65ea40b226fca5f1eb58cc7bc0b07a -AUX mupdf-1.18.0-darwin.patch 1001 BLAKE2B 1d6f8452cda38dfca3b0e62069a560ed6119d02b391eb29740d093883a7eedb776df7d7a561fb116eee3315bd497a64658927d299af8315d0dc8215e300e192a SHA512 6ed41a5b61859cc6fdac2b5c93fbb6e6e16dfd9540d0950e702935c28e3793006d72dd178a95d6ccb06d1b76b5df7dd439006bbe5d98210c2985ee91c263d755 -AUX mupdf-1.18.0-fix-oob-in-pdf-layer.c 3462 BLAKE2B 861f5d6d0f81aed837d19ed19ba54158856bed5cab3ce8202bad11bb509b017e554ea37d9ebd05213386251b26bce10f83311c3de99fe663bf2995adc1231a9e SHA512 91620d0d429d2f4068e1834ec9466d9e9f9bfb363fba33247636e38651196580a89bd36785e42b31328070c42bd2210585ddabea8a0a970d72e7066e61804d6c -AUX mupdf-1.18.0-fix-oob-in-pixmap.c 1123 BLAKE2B d49194b540b489ad9d3a4b5057bbe6ac3a1414d0123b7c2d4710adad1ed7fd439f8e83162d07a86aee6bd778c35ea6798da166461ac6e358af6910cc6b492624 SHA512 1d836c1a3f37c21ed349da799d5cb0c57d3fc275a632a42343cda81aae76394273c06230fc9c22a6d5366498b51a057d5a11797376a4b2af96b937618ba31e11 AUX mupdf-1.19.0-Makefile.patch 1043 BLAKE2B 7f449713700d57c0bf072661babcb5122d09be82a0b89520999618e22c7b44ae950f0e9fd653330d34078229da8bd36f8e5fd273c5110cbeaeb47347b3e4f666 SHA512 ddbc11d3bf7a1480effd57c9587b85d735c97c5215dbf9dc66bac535356f9cbc5ecc0dd1003c367d6e60d969383afdd9014a66e8fb51384632be407fe01694d4 AUX mupdf-1.19.0-cross-fixes.patch 5740 BLAKE2B dcc38e628e1c0ddde9647d06ea8c58124cb7a1fe771e88465c0516ff3d1b50b820d2110107428bd762abe85905bc7b6cc283067ece88471442e76fab2fcaf2a9 SHA512 db4093d330c8ce9c9d1bfee5b708dd423e04eb6f2d5c87f8e5779d28bdd320f15b6847a308e87d183c9b38c5396c0518b70325ea09c9e8f4a733750e4cf5ca13 AUX mupdf-1.19.0-darwin.patch 1056 BLAKE2B ae532c2d68842c3a1bb424c707a51a5ed56a72e7557e89b3830ac55bc713982065d1ec7055b84b91589c8b98a690d037c0fb6c90480fd89989e0f90cc49f9b97 SHA512 24cb6885c174bbfbe5ddc2e8f9a15c5154aa5699a19b5931d60ebb761a7587d717dbb65fba45070f963c0c3f432f8f58c00537d10b050546173a48f5c729a7c4 diff --git a/app-text/mupdf/files/mupdf-1.18-Makefile.patch b/app-text/mupdf/files/mupdf-1.18-Makefile.patch deleted file mode 100644 index 32ee7e57c493..000000000000 --- a/app-text/mupdf/files/mupdf-1.18-Makefile.patch +++ /dev/null @@ -1,42 +0,0 @@ -diff --git a/Makefile b/Makefile -index b0fb617..528e117 100644 ---- a/Makefile -+++ b/Makefile -@@ -3,7 +3,7 @@ - -include user.make - - ifndef build -- build := release -+ build := debug - endif - - ifndef OUT -@@ -214,13 +214,15 @@ MUPDF_LIB = $(OUT)/libmupdf.$(SO) - - $(MUPDF_LIB) : $(MUPDF_OBJ) $(THIRD_OBJ) $(THREAD_OBJ) $(PKCS7_OBJ) - else --MUPDF_LIB = $(OUT)/libmupdf.a --THIRD_LIB = $(OUT)/libmupdf-third.a -+MUPDF_LIB = libmupdf.so.$(GENTOO_PV) -+MUPDF_STATIC = $(OUT)/libmupdf.a -+THIRD_LIB = - THREAD_LIB = $(OUT)/libmupdf-threads.a - PKCS7_LIB = $(OUT)/libmupdf-pkcs7.a - --$(MUPDF_LIB) : $(MUPDF_OBJ) --$(THIRD_LIB) : $(THIRD_OBJ) -+$(MUPDF_LIB) : $(MUPDF_OBJ) $(THIRD_OBJ) -+ $(QUIET_LINK) $(CC) $(LDFLAGS) --shared -Wl,-soname -Wl,$(MUPDF_LIB) -o $@ $^ $(THIRD_LIBS) $(LIBS) -+$(MUPDF_STATIC): $(MUPDF_OBJ) $(THIRD_OBJ) - $(THREAD_LIB) : $(THREAD_OBJ) - $(PKCS7_LIB) : $(PKCS7_OBJ) - endif -@@ -374,7 +376,7 @@ install: libs apps - - install -d $(DESTDIR)$(docdir) - install -d $(DESTDIR)$(docdir)/examples -- install -m 644 README COPYING CHANGES $(DESTDIR)$(docdir) -+ install -m 644 README CHANGES $(DESTDIR)$(docdir) - install -m 644 docs/*.html docs/*.css docs/*.png $(DESTDIR)$(docdir) - install -m 644 docs/examples/* $(DESTDIR)$(docdir)/examples - diff --git a/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch b/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch deleted file mode 100644 index 566ee562389c..000000000000 --- a/app-text/mupdf/files/mupdf-1.18.0-CVE-2021-3407.patch +++ /dev/null @@ -1,51 +0,0 @@ -https://bugs.gentoo.org/772311 - -From cee7cefc610d42fd383b3c80c12cbc675443176a Mon Sep 17 00:00:00 2001 -From: Robin Watts -Date: Fri, 22 Jan 2021 17:05:15 +0000 -Subject: [PATCH 1/1] Bug 703366: Fix double free of object during - linearization. - -This appears to happen because we parse an illegal object from -a broken file and assign it to object 0, which is defined to -be free. - -Here, we fix the parsing code so this can't happen. ---- - source/pdf/pdf-parse.c | 6 ++++++ - source/pdf/pdf-xref.c | 2 ++ - 2 files changed, 8 insertions(+) - -diff --git a/source/pdf/pdf-parse.c b/source/pdf/pdf-parse.c -index 7abc8c3d4..5761c3351 100644 ---- a/source/pdf/pdf-parse.c -+++ b/source/pdf/pdf-parse.c -@@ -749,6 +749,12 @@ pdf_parse_ind_obj(fz_context *ctx, pdf_document *doc, - fz_throw(ctx, FZ_ERROR_SYNTAX, "expected generation number (%d ? obj)", num); - } - gen = buf->i; -+ if (gen < 0 || gen >= 65536) -+ { -+ if (try_repair) -+ *try_repair = 1; -+ fz_throw(ctx, FZ_ERROR_SYNTAX, "invalid generation number (%d)", gen); -+ } - - tok = pdf_lex(ctx, file, buf); - if (tok != PDF_TOK_OBJ) -diff --git a/source/pdf/pdf-xref.c b/source/pdf/pdf-xref.c -index 1b2bdcd59..30197b4b8 100644 ---- a/source/pdf/pdf-xref.c -+++ b/source/pdf/pdf-xref.c -@@ -1190,6 +1190,8 @@ pdf_read_new_xref(fz_context *ctx, pdf_document *doc, pdf_lexbuf *buf) - { - ofs = fz_tell(ctx, doc->file); - trailer = pdf_parse_ind_obj(ctx, doc, doc->file, buf, &num, &gen, &stm_ofs, NULL); -+ if (num == 0) -+ fz_throw(ctx, FZ_ERROR_GENERIC, "Trailer object number cannot be 0\n"); - } - fz_catch(ctx) - { --- -2.17.1 - diff --git a/app-text/mupdf/files/mupdf-1.18.0-cross-fixes.patch b/app-text/mupdf/files/mupdf-1.18.0-cross-fixes.patch deleted file mode 100644 index 0576033a03a2..000000000000 --- a/app-text/mupdf/files/mupdf-1.18.0-cross-fixes.patch +++ /dev/null @@ -1,128 +0,0 @@ -Refreshed patches based on: -https://sources.debian.org/patches/mupdf/1.17.0+ds1-1/0004-MuPDF-crossbuild-use-target-arch-pkg-config.patch/ -https://sources.debian.org/patches/mupdf/1.17.0+ds1-1/0005-MuPDF-crossbuild-use-host-cc-for-utils.patch/ ---- a/Makefile -+++ b/Makefile -@@ -147,6 +147,9 @@ PKCS7_OBJ := $(PKCS7_SRC:%.c=$(OUT)/%.o) - - HEXDUMP_EXE := $(OUT)/scripts/hexdump.exe - -+$(HEXDUMP_EXE): scripts/hexdump.c -+ $(QUIET_CC) $(MKTGTDIR) ; $(CC_FOR_BUILD) $(CFLAGS) -o $@ $< -+ - FONT_BIN := $(sort $(wildcard resources/fonts/urw/*.cff)) - FONT_BIN += $(sort $(wildcard resources/fonts/han/*.ttc)) - FONT_BIN += $(sort $(wildcard resources/fonts/droid/*.ttf)) ---- a/Makerules -+++ b/Makerules -@@ -6,6 +6,9 @@ OS := $(OS:MSYS%=MINGW) - OS := $(OS:Windows_NT=MINGW) - OS := $(OS:Darwin=MACOS) - -+PKG_CONFIG ?= pkg-config -+CC_FOR_BUILD ?= $(CC) -+ - ifeq ($(findstring -fembed-bitcode,$(XCFLAGS)),) - # clang does not support these in combination with -fembed-bitcode - CFLAGS += -ffunction-sections -fdata-sections -@@ -128,51 +128,51 @@ else ifeq ($(OS),MACOS) - else ifeq ($(OS),Linux) - HAVE_OBJCOPY := yes - -- ifeq ($(shell pkg-config --exists freetype2 && echo yes),yes) -- SYS_FREETYPE_CFLAGS := $(shell pkg-config --cflags freetype2) -- SYS_FREETYPE_LIBS := $(shell pkg-config --libs freetype2) -+ ifeq ($(shell $(PKG_CONFIG) --exists freetype2 && echo yes),yes) -+ SYS_FREETYPE_CFLAGS := $(shell $(PKG_CONFIG) --cflags freetype2) -+ SYS_FREETYPE_LIBS := $(shell $(PKG_CONFIG) --libs freetype2) - endif -- ifeq ($(shell pkg-config --exists gumbo && echo yes),yes) -- SYS_GUMBO_CFLAGS := $(shell pkg-config --cflags gumbo) -- SYS_GUMBO_LIBS := $(shell pkg-config --libs gumbo) -+ ifeq ($(shell $(PKG_CONFIG) --exists gumbo && echo yes),yes) -+ SYS_GUMBO_CFLAGS := $(shell $(PKG_CONFIG) --cflags gumbo) -+ SYS_GUMBO_LIBS := $(shell $(PKG_CONFIG) --libs gumbo) - endif -- ifeq ($(shell pkg-config --exists harfbuzz && echo yes),yes) -- SYS_HARFBUZZ_CFLAGS := $(shell pkg-config --cflags harfbuzz) -- SYS_HARFBUZZ_LIBS := $(shell pkg-config --libs harfbuzz) -+ ifeq ($(shell $(PKG_CONFIG) --exists harfbuzz && echo yes),yes) -+ SYS_HARFBUZZ_CFLAGS := $(shell $(PKG_CONFIG) --cflags harfbuzz) -+ SYS_HARFBUZZ_LIBS := $(shell $(PKG_CONFIG) --libs harfbuzz) - endif -- ifeq ($(shell pkg-config --exists lcms2 && echo yes),yes) -- SYS_LCMS2_CFLAGS := $(shell pkg-config --cflags lcms2) -- SYS_LCMS2_LIBS := $(shell pkg-config --libs lcms2) -+ ifeq ($(shell $(PKG_CONFIG) --exists lcms2 && echo yes),yes) -+ SYS_LCMS2_CFLAGS := $(shell $(PKG_CONFIG) --cflags lcms2) -+ SYS_LCMS2_LIBS := $(shell $(PKG_CONFIG) --libs lcms2) - endif -- ifeq ($(shell pkg-config --exists libjpeg && echo yes),yes) -- SYS_LIBJPEG_CFLAGS := $(shell pkg-config --cflags libjpeg) -- SYS_LIBJPEG_LIBS := $(shell pkg-config --libs libjpeg) -+ ifeq ($(shell $(PKG_CONFIG) --exists libjpeg && echo yes),yes) -+ SYS_LIBJPEG_CFLAGS := $(shell $(PKG_CONFIG) --cflags libjpeg) -+ SYS_LIBJPEG_LIBS := $(shell $(PKG_CONFIG) --libs libjpeg) - endif -- ifeq ($(shell pkg-config --exists libopenjp2 && echo yes),yes) -- SYS_OPENJPEG_CFLAGS := $(shell pkg-config --cflags libopenjp2) -- SYS_OPENJPEG_LIBS := $(shell pkg-config --libs libopenjp2) -+ ifeq ($(shell $(PKG_CONFIG) --exists libopenjp2 && echo yes),yes) -+ SYS_OPENJPEG_CFLAGS := $(shell $(PKG_CONFIG) --cflags libopenjp2) -+ SYS_OPENJPEG_LIBS := $(shell $(PKG_CONFIG) --libs libopenjp2) - endif -- ifeq ($(shell pkg-config --exists zlib && echo yes),yes) -- SYS_ZLIB_CFLAGS := $(shell pkg-config --cflags zlib) -- SYS_ZLIB_LIBS := $(shell pkg-config --libs zlib) -+ ifeq ($(shell $(PKG_CONFIG) --exists zlib && echo yes),yes) -+ SYS_ZLIB_CFLAGS := $(shell $(PKG_CONFIG) --cflags zlib) -+ SYS_ZLIB_LIBS := $(shell $(PKG_CONFIG) --libs zlib) - endif - -- HAVE_LEPTONICA := $(shell pkg-config --exists 'lept >= 1.7.4' && echo yes) -+ HAVE_LEPTONICA := $(shell $(PKG_CONFIG) --exists 'lept >= 1.7.4' && echo yes) - ifeq ($(HAVE_LEPTONICA),yes) -- SYS_LEPTONICA_CFLAGS := $(shell pkg-config --cflags lept) -- SYS_LEPTONICA_LIBS := $(shell pkg-config --libs lept) -+ SYS_LEPTONICA_CFLAGS := $(shell $(PKG_CONFIG) --cflags lept) -+ SYS_LEPTONICA_LIBS := $(shell $(PKG_CONFIG) --libs lept) - endif - -- HAVE_TESSERACT := $(shell pkg-config --exists 'tesseract-ocr >= 4.0.0' && echo yes) -+ HAVE_TESSERACT := $(shell $(PKG_CONFIG) --exists 'tesseract-ocr >= 4.0.0' && echo yes) - ifeq ($(HAVE_TESSERACT),yes) -- SYS_TESSERACT_CFLAGS := $(shell pkg-config --cflags tesseract) -- SYS_TESSERACT_LIBS := $(shell pkg-config --libs tesseract) -+ SYS_TESSERACT_CFLAGS := $(shell $(PKG_CONFIG) --cflags tesseract) -+ SYS_TESSERACT_LIBS := $(shell $(PKG_CONFIG) --libs tesseract) - endif - -- HAVE_SYS_CURL := $(shell pkg-config --exists libcurl && echo yes) -+ HAVE_SYS_CURL := $(shell $(PKG_CONFIG) --exists libcurl && echo yes) - ifeq ($(HAVE_SYS_CURL),yes) -- SYS_CURL_CFLAGS := $(shell pkg-config --cflags libcurl) -- SYS_CURL_LIBS := $(shell pkg-config --libs libcurl) -+ SYS_CURL_CFLAGS := $(shell $(PKG_CONFIG) --cflags libcurl) -+ SYS_CURL_LIBS := $(shell $(PKG_CONFIG) --libs libcurl) - endif - - HAVE_GLUT := yes -@@ -183,14 +183,14 @@ else ifeq ($(OS),Linux) - - HAVE_X11 := not-unless-portage-tells-me - ifeq ($(HAVE_X11),yes) -- X11_CFLAGS := $(shell pkg-config --cflags x11 xext) -- X11_LIBS := $(shell pkg-config --libs x11 xext) -+ X11_CFLAGS := $(shell $(PKG_CONFIG) --cflags x11 xext) -+ X11_LIBS := $(shell $(PKG_CONFIG) --libs x11 xext) - endif - - HAVE_LIBCRYPTO := not-unless-portage-tells-me - ifeq ($(HAVE_LIBCRYPTO),yes) -- LIBCRYPTO_CFLAGS := $(shell pkg-config --cflags libcrypto) -DHAVE_LIBCRYPTO -- LIBCRYPTO_LIBS := $(shell pkg-config --libs libcrypto) -+ LIBCRYPTO_CFLAGS := $(shell $(PKG_CONFIG) --cflags libcrypto) -DHAVE_LIBCRYPTO -+ LIBCRYPTO_LIBS := $(shell $(PKG_CONFIG) --libs libcrypto) - endif - - HAVE_PTHREAD := yes diff --git a/app-text/mupdf/files/mupdf-1.18.0-darwin.patch b/app-text/mupdf/files/mupdf-1.18.0-darwin.patch deleted file mode 100644 index cdd8ccf0f40d..000000000000 --- a/app-text/mupdf/files/mupdf-1.18.0-darwin.patch +++ /dev/null @@ -1,41 +0,0 @@ ---- a/Makerules -+++ b/Makerules -@@ -117,11 +117,11 @@ ifeq ($(OS),MINGW) - else ifeq ($(OS),MACOS) - HAVE_GLUT := yes - SYS_GLUT_CFLAGS := -Wno-deprecated-declarations -- SYS_GLUT_LIBS := -framework GLUT -framework OpenGL -- CC = xcrun cc -- AR = xcrun ar -- LD = xcrun ld -- RANLIB = xcrun ranlib -+ SYS_GLUT_LIBS ?= -framework GLUT -framework OpenGL -+ CC ?= xcrun cc -+ AR ?= xcrun ar -+ LD ?= xcrun ld -+ RANLIB ?= xcrun ranlib - - else ifeq ($(OS),Linux) - HAVE_OBJCOPY := yes ---- a/Makerules -+++ b/Makerules -@@ -122,9 +122,7 @@ else ifeq ($(OS),MACOS) - AR ?= xcrun ar - LD ?= xcrun ld - RANLIB ?= xcrun ranlib -- --else ifeq ($(OS),Linux) -- HAVE_OBJCOPY := yes -+endif - - ifeq ($(shell $(PKG_CONFIG) --exists freetype2 && echo yes),yes) - SYS_FREETYPE_CFLAGS := $(shell $(PKG_CONFIG) --cflags freetype2) -@@ -197,8 +195,6 @@ else ifeq ($(OS),Linux) - PTHREAD_LIBS := -lpthread - endif - --endif -- - # The following section has various cross compilation configurations. - # - # Invoke these as: diff --git a/app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pdf-layer.c b/app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pdf-layer.c deleted file mode 100644 index dc4000b4cde6..000000000000 --- a/app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pdf-layer.c +++ /dev/null @@ -1,102 +0,0 @@ -From b82e9b6d6b46877e5c3763cc3bc641c66fa7eb54 Mon Sep 17 00:00:00 2001 -From: Robin Watts -Date: Thu, 8 Oct 2020 16:15:40 +0100 -Subject: [PATCH] Bug 701297: Harden populate_ui against unexpected repairs. - -We count the number of layers, and allocate space for them in -an array. We then walk the tree reading details of those layers -in. If we hit a problem that causes a repair while reading the -information, the number of layers can magically increase. In -the existing code we run off the end of the array. - -In the new code we watch for hitting the end of the array and -realloc as required. ---- - source/pdf/pdf-layer.c | 32 +++++++++++++++++++++++++------- - 1 file changed, 25 insertions(+), 7 deletions(-) - -diff --git a/source/pdf/pdf-layer.c b/source/pdf/pdf-layer.c -index 177f0c947..b8e9d7cad 100644 ---- a/source/pdf/pdf-layer.c -+++ b/source/pdf/pdf-layer.c -@@ -104,10 +104,27 @@ count_entries(fz_context *ctx, pdf_obj *obj) - } - - static pdf_ocg_ui * --populate_ui(fz_context *ctx, pdf_ocg_descriptor *desc, pdf_ocg_ui *ui, pdf_obj *order, int depth, pdf_obj *rbgroups, pdf_obj *locked) -+get_ocg_ui(fz_context *ctx, pdf_ocg_descriptor *desc, int fill) -+{ -+ if (fill == desc->num_ui_entries) -+ { -+ /* Number of layers changed while parsing; -+ * probably due to a repair. */ -+ int newsize = desc->num_ui_entries * 2; -+ if (newsize == 0) -+ newsize = 4; /* Arbitrary non-zero */ -+ desc->ui = fz_realloc_array(ctx, desc->ui, newsize, pdf_ocg_ui); -+ desc->num_ui_entries = newsize; -+ } -+ return &desc->ui[fill]; -+} -+ -+static int -+populate_ui(fz_context *ctx, pdf_ocg_descriptor *desc, int fill, pdf_obj *order, int depth, pdf_obj *rbgroups, pdf_obj *locked) - { - int len = pdf_array_len(ctx, order); - int i, j; -+ pdf_ocg_ui *ui; - - for (i = 0; i < len; i++) - { -@@ -118,7 +135,7 @@ populate_ui(fz_context *ctx, pdf_ocg_descriptor *desc, pdf_ocg_ui *ui, pdf_obj * - continue; - - fz_try(ctx) -- ui = populate_ui(ctx, desc, ui, o, depth+1, rbgroups, locked); -+ fill = populate_ui(ctx, desc, fill, o, depth+1, rbgroups, locked); - fz_always(ctx) - pdf_unmark_obj(ctx, o); - fz_catch(ctx) -@@ -126,14 +143,14 @@ populate_ui(fz_context *ctx, pdf_ocg_descriptor *desc, pdf_ocg_ui *ui, pdf_obj * - - continue; - } -- ui->depth = depth; - if (pdf_is_string(ctx, o)) - { -+ ui = get_ocg_ui(ctx, desc, fill++); -+ ui->depth = depth; - ui->ocg = -1; - ui->name = pdf_to_str_buf(ctx, o); - ui->button_flags = PDF_LAYER_UI_LABEL; - ui->locked = 1; -- ui++; - continue; - } - -@@ -144,13 +161,14 @@ populate_ui(fz_context *ctx, pdf_ocg_descriptor *desc, pdf_ocg_ui *ui, pdf_obj * - } - if (j == desc->len) - continue; /* OCG not found in main list! Just ignore it */ -+ ui = get_ocg_ui(ctx, desc, fill++); -+ ui->depth = depth; - ui->ocg = j; - ui->name = pdf_dict_get_string(ctx, o, PDF_NAME(Name), NULL); - ui->button_flags = pdf_array_contains(ctx, o, rbgroups) ? PDF_LAYER_UI_RADIOBOX : PDF_LAYER_UI_CHECKBOX; - ui->locked = pdf_array_contains(ctx, o, locked); -- ui++; - } -- return ui; -+ return fill; - } - - static void -@@ -188,7 +206,7 @@ load_ui(fz_context *ctx, pdf_ocg_descriptor *desc, pdf_obj *ocprops, pdf_obj *oc - desc->ui = Memento_label(fz_calloc(ctx, count, sizeof(pdf_ocg_ui)), "pdf_ocg_ui"); - fz_try(ctx) - { -- (void)populate_ui(ctx, desc, desc->ui, order, 0, rbgroups, locked); -+ desc->num_ui_entries = populate_ui(ctx, desc, 0, order, 0, rbgroups, locked); - } - fz_catch(ctx) - { diff --git a/app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pixmap.c b/app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pixmap.c deleted file mode 100644 index d19f0593a119..000000000000 --- a/app-text/mupdf/files/mupdf-1.18.0-fix-oob-in-pixmap.c +++ /dev/null @@ -1,41 +0,0 @@ -From 32e4e8b4bcbacbf92af7c88337efae21986d9603 Mon Sep 17 00:00:00 2001 -From: Robin Watts -Date: Thu, 8 Oct 2020 18:10:28 +0100 -Subject: [PATCH] Bug 702958: Fix overflow in fz_clear_pixmap_with_value. - ---- - source/fitz/pixmap.c | 7 ++++--- - 1 file changed, 4 insertions(+), 3 deletions(-) - -diff --git a/source/fitz/pixmap.c b/source/fitz/pixmap.c -index 66873d214..80d8bb62f 100644 ---- a/source/fitz/pixmap.c -+++ b/source/fitz/pixmap.c -@@ -555,7 +555,8 @@ void - fz_clear_pixmap_with_value(fz_context *ctx, fz_pixmap *pix, int value) - { - unsigned char *s; -- int w, h, n, stride, len; -+ int w, h, n; -+ ptrdiff_t stride, len; - int alpha = pix->alpha; - - w = pix->w; -@@ -572,7 +573,7 @@ fz_clear_pixmap_with_value(fz_context *ctx, fz_pixmap *pix, int value) - - n = pix->n; - stride = pix->stride; -- len = w * n; -+ len = (ptrdiff_t)w * n; - - s = pix->samples; - if (value == 255 || !alpha) -@@ -584,7 +585,7 @@ fz_clear_pixmap_with_value(fz_context *ctx, fz_pixmap *pix, int value) - } - while (h--) - { -- memset(s, value, (unsigned int)len); -+ memset(s, value, len); - s += stride; - } - } -- cgit v1.2.3