File CVE-2019-11459.patch of Package evince

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2019-11459.patch of Package evince

From 3e38d5ad724a042eebadcba8c2d57b0f48b7a8c7 Mon Sep 17 00:00:00 2001
From: Jason Crain <jcrain@src.gnome.org>
Date: Mon, 15 Apr 2019 23:06:36 -0600
Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented

The TIFFReadRGBAImageOriented function returns zero if it was unable to
read the image. Return NULL in this case instead of displaying
uninitialized memory.

Fixes #1129
---
 backend/tiff/tiff-document.c | 28 ++++++++++++++++++----------
 1 file changed, 18 insertions(+), 10 deletions(-)

diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
index 7715031b..38bb3bd8 100644
--- a/backend/tiff/tiff-document.c
+++ b/backend/tiff/tiff-document.c
@@ -292,18 +292,22 @@ tiff_document_render (EvDocument      *document,
 		g_warning("Failed to allocate memory for rendering.");
 		return NULL;
 	}
-	
+
+	if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
+					width, height,
+					(uint32 *)pixels,
+					orientation, 0)) {
+		g_warning ("Failed to read TIFF image.");
+		g_free (pixels);
+		return NULL;
+	}
+
 	surface = cairo_image_surface_create_for_data (pixels,
 						       CAIRO_FORMAT_RGB24,
 						       width, height,
 						       rowstride);
 	cairo_surface_set_user_data (surface, &key,
 				     pixels, (cairo_destroy_func_t)g_free);
-
-	TIFFReadRGBAImageOriented (tiff_document->tiff,
-				   width, height,
-				   (uint32 *)pixels,
-				   orientation, 0);
 	pop_handlers ();
 
 	/* Convert the format returned by libtiff to
@@ -384,13 +388,17 @@ tiff_document_get_thumbnail (EvDocument      *document,
 	if (!pixels)
 		return NULL;
 	
+	if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
+					width, height,
+					(uint32 *)pixels,
+					ORIENTATION_TOPLEFT, 0)) {
+		g_free (pixels);
+		return NULL;
+	}
+
 	pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8, 
 					   width, height, rowstride,
 					   (GdkPixbufDestroyNotify) g_free, NULL);
-	TIFFReadRGBAImageOriented (tiff_document->tiff,
-				   width, height,
-				   (uint32 *)pixels,
-				   ORIENTATION_TOPLEFT, 0);
 	pop_handlers ();
 
 	ev_render_context_compute_scaled_size (rc, width, height * (x_res / y_res),
-- 
2.20.1

Places

File CVE-2019-11459.patch of Package evince

Places