From 6b4c64634658b1cdaab31744f20d82e6c08ce7be Mon Sep 17 00:00:00 2001
From: MSVSphere Packaging Team
Date: Wed, 8 May 2024 01:03:29 +0300
Subject: [PATCH] import djvulibre-3.5.28-4.el9
---
...0001-Check-for-zero-width-and-height.patch | 35 +++++++++++++++++++
.../djvulibre-3.5.27-check-image-size.patch | 8 +++--
SPECS/djvulibre.spec | 12 ++++++-
3 files changed, 51 insertions(+), 4 deletions(-)
create mode 100644 SOURCES/0001-Check-for-zero-width-and-height.patch
diff --git a/SOURCES/0001-Check-for-zero-width-and-height.patch b/SOURCES/0001-Check-for-zero-width-and-height.patch
new file mode 100644
index 0000000..f6800ca
--- /dev/null
+++ b/SOURCES/0001-Check-for-zero-width-and-height.patch
@@ -0,0 +1,35 @@
+From 3e7facdbcdab27143327b216cddb42a6dd1a50a7 Mon Sep 17 00:00:00 2001
+From: Petr Gajdos
+Date: Mon, 6 May 2024 11:26:12 +0200
+Subject: [PATCH] Check for zero width and height
+
+Also check for positive number of gray levels.
+
+The patch was created by Petr Gajdos for
+https://sourceforge.net/p/djvu/bugs/345/ and pushed
+by Marek Kasik to Fedora/EPEL repositories.
+---
+ libdjvu/IW44EncodeCodec.cpp | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
+index f81eaeb..7a402f7 100644
+--- a/libdjvu/IW44EncodeCodec.cpp
++++ b/libdjvu/IW44EncodeCodec.cpp
+@@ -1424,7 +1424,12 @@ IWBitmap::Encode::init(const GBitmap &bm, const GP gmask)
+ int h = bm.rows();
+ int g = bm.get_grays()-1;
+ signed char *buffer;
+- GPBuffer gbuffer(buffer,w*h);
++ size_t sz = w * h;
++ if (sz == 0 || g <= 0) // w or h is zero or g is not positive
++ G_THROW("IWBitmap: zero size image (corrupted file?)");
++ if (sz / (size_t)w != (size_t)h) // multiplication overflow
++ G_THROW("IWBitmap: image size exceeds maximum (corrupted file?)");
++ GPBuffer gbuffer(buffer,sz);
+ // Prepare gray level conversion table
+ signed char bconv[256];
+ for (i=0; i<256; i++)
+--
+2.44.0
+
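Review bot: In the added `size_t sz = w * h;` the product is evaluated in `int` before it is widened (`h` is declared `int` at the top of the hunk, and `w`, declared above it, is presumably the same), so oversized dimensions from a corrupted bitmap overflow in signed arithmetic, which is undefined, and the `sz / (size_t)w != (size_t)h` check that follows only sees the already-converted result. Widening an operand first avoids that: `size_t sz = (size_t)w * (size_t)h;`. The IW44Image.cpp patch updated in the same commit carries `size_t sz = bw * bh;` as context with the same shape; the types of `bw` and `bh` are not visible here, so that line needs checking against the source. Separately, `g <= 0` is reported with the "zero size image" message, which will mislead whoever triages a file whose gray-level count is bad; a distinct message for that case would help. `IWBitmap::Encode::init` begins and ends outside the hunk.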
diff --git a/SOURCES/djvulibre-3.5.27-check-image-size.patch b/SOURCES/djvulibre-3.5.27-check-image-size.patch index 9d0d5b8..8730c25 100644 --- a/SOURCES/djvulibre-3.5.27-check-image-size.patch +++ b/SOURCES/djvulibre-3.5.27-check-image-size.patch @@ -2,12 +2,14 @@ diff --git a/libdjvu/IW44Image.cpp b/libdjvu/IW44Image.cpp index e8d4b44..aa3d554 100644 --- a/libdjvu/IW44Image.cpp +++ b/libdjvu/IW44Image.cpp -@@ -678,7 +678,11 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast) +@@ -678,9 +678,13 @@ IW44Image::Map::image(signed char *img8, int rowsize, int pixsep, int fast) + // Allocate reconstruction buffer + short *data16; size_t sz = bw * bh; - if (sz / (size_t)bw != (size_t)bh) // multiplication overflow - G_THROW("IW44Image: image size exceeds maximum (corrupted file?)"); + if (sz == 0) + G_THROW("IW44Image: zero size image (corrupted file?)"); + if (sz / (size_t)bw != (size_t)bh) // multiplication overflow + G_THROW("IW44Image: image size exceeds maximum (corrupted file?)"); GPBuffer gdata16(data16,sz); + if (data16 == NULL) + G_THROW("IW44Image: unable to allocate image data"); diff --git a/SPECS/djvulibre.spec b/SPECS/djvulibre.spec index e3f6722..7117c4e 100644 --- a/SPECS/djvulibre.spec +++ b/SPECS/djvulibre.spec @@ -3,7 +3,7 @@ Summary: DjVu viewers, encoders, and utilities Name: djvulibre Version: 3.5.28 -Release: 2%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: http://djvu.sourceforge.net/ Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz @@ -16,6 +16,7 @@ Patch10: djvulibre-3.5.27-check-input-pool.patch Patch11: djvulibre-3.5.27-djvuport-stack-overflow.patch Patch12: djvulibre-3.5.27-unsigned-short-overflow.patch Patch14: djvulibre-3.5.27-out-of-bound-write-2.patch +Patch15: 0001-Check-for-zero-width-and-height.patch Requires(post): xdg-utils Requires(preun): xdg-utils 
@@ -76,6 +77,7 @@ Development files for DjVuLibre. %patch11 -p1 -b .djvuport-stack-overflow %patch12 -p1 -b .unsigned-short-overflow %patch14 -p1 -b .out-of-bound-write-2 +%patch15 -p1 -b .zero-size-image %build @@ -183,6 +185,14 @@ fi %changelog +* Tue May 07 2024 Marek Kasik - 3.5.28-4 +- Check for zero-size image when allocating GBuffer +- Resolves: #2234737 + +* Tue May 07 2024 Marek Kasik - 3.5.28-3 +- Improve image size fix +- Resolves: #2234740 + * Fri Sep 08 2023 Arkady L. Shane - 3.5.28-2 - Rebuilt for MSVSphere 9.2