File CVE-2018-19149.patch of Package poppler-qt5.31745

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-19149.patch of Package poppler-qt5.31745

From f162ecdea0dda5dbbdb45503c1d55d9afaa41d44 Mon Sep 17 00:00:00 2001
From: Marek Kasik <mkasik@redhat.com>
Date: Fri, 20 Apr 2018 11:38:13 +0200
Subject: [PATCH] Fix crash on missing embedded file

Check whether an embedded file is actually present in the PDF
and show warning in that case.

https://bugs.freedesktop.org/show_bug.cgi?id=106137
https://gitlab.freedesktop.org/poppler/poppler/issues/236
---
 glib/poppler-attachment.cc | 26 +++++++++++++++++---------
 glib/poppler-document.cc   |  3 ++-
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/glib/poppler-attachment.cc b/glib/poppler-attachment.cc
index c6502e9d..11ba5bb5 100644
--- a/glib/poppler-attachment.cc
+++ b/glib/poppler-attachment.cc
@@ -111,17 +111,25 @@ _poppler_attachment_new (FileSpec *emb_file)
     attachment->description = _poppler_goo_string_to_utf8 (emb_file->getDescription ());
 
   embFile = emb_file->getEmbeddedFile();
-  attachment->size = embFile->size ();
+  if (embFile != NULL && embFile->streamObject()->isStream())
+    {
+      attachment->size = embFile->size ();
 
-  if (embFile->createDate ())
-    _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
-  if (embFile->modDate ())
-    _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
+      if (embFile->createDate ())
+        _poppler_convert_pdf_date_to_gtime (embFile->createDate (), (time_t *)&attachment->ctime);
+      if (embFile->modDate ())
+        _poppler_convert_pdf_date_to_gtime (embFile->modDate (), (time_t *)&attachment->mtime);
 
-  if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
-    attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
-                                             embFile->checksum ()->getLength ());
-  priv->obj_stream = embFile->streamObject()->copy();
+      if (embFile->checksum () && embFile->checksum ()->getLength () > 0)
+        attachment->checksum = g_string_new_len (embFile->checksum ()->getCString (),
+                                                 embFile->checksum ()->getLength ());
+      priv->obj_stream = embFile->streamObject()->copy();
+    }
+  else
+    {
+      g_warning ("Missing stream object for embedded file");
+      g_clear_object (&attachment);
+    }
 
   return attachment;
 }
diff --git a/glib/poppler-document.cc b/glib/poppler-document.cc
index 83f6aea6..ea319344 100644
--- a/glib/poppler-document.cc
+++ b/glib/poppler-document.cc
@@ -670,7 +670,8 @@ poppler_document_get_attachments (PopplerDocument *document)
       attachment = _poppler_attachment_new (emb_file);
       delete emb_file;
 
-      retval = g_list_prepend (retval, attachment);
+      if (attachment != NULL)
+        retval = g_list_prepend (retval, attachment);
     }
   return g_list_reverse (retval);
 }
-- 
2.18.1

Places

File CVE-2018-19149.patch of Package poppler-qt5.31745

Places