rpms
/
djvulibre
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix a stack overflow

Browse Source 
Resolves: #1767868
epel9
Marek Kasik 5 years ago
parent 369377b969
commit 74ff854317
2 changed files with 118 additions and 1 deletions
Show Stats Download Patch File Download Diff File

111
djvulibre-3.5.27-stack-overflow.patch
Unescape View File

@ -0,0 +1,111 @@
From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001
From: Leon Bottou <leon@bottou.org>
Date: Mon, 8 Apr 2019 22:25:55 -0400
Subject: bug 299 fixed
diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h
index 96b067c..0140211 100644
--- a/libdjvu/GContainer.h
+++ b/libdjvu/GContainer.h
@@ -550,52 +550,61 @@ public:
template <class TYPE> void
GArrayTemplate<TYPE>::sort(int lo, int hi)
{
- if (hi <= lo)
- return;
- if (hi > hibound || lo<lobound)
- G_THROW( ERR_MSG("GContainer.illegal_subscript") );
TYPE *data = (TYPE*)(*this);
- // Test for insertion sort
- if (hi <= lo + 50)
+ while(true)
{
- for (int i=lo+1; i<=hi; i++)
+ if (hi <= lo)
+ return;
+ if (hi > hibound || lo<lobound)
+ G_THROW( ERR_MSG("GContainer.illegal_subscript") );
+ // Test for insertion sort
+ if (hi <= lo + 50)
{
- int j = i;
- TYPE tmp = data[i];
- while ((--j>=lo) && !(data[j]<=tmp))
- data[j+1] = data[j];
- data[j+1] = tmp;
+ for (int i=lo+1; i<=hi; i++)
+ {
+ int j = i;
+ TYPE tmp = data[i];
+ while ((--j>=lo) && !(data[j]<=tmp))
+ data[j+1] = data[j];
+ data[j+1] = tmp;
+ }
+ return;
}
- return;
- }
- // -- determine suitable quick-sort pivot
- TYPE tmp = data[lo];
- TYPE pivot = data[(lo+hi)/2];
- if (pivot <= tmp)
- { tmp = pivot; pivot=data[lo]; }
- if (data[hi] <= tmp)
- { pivot = tmp; }
- else if (data[hi] <= pivot)
- { pivot = data[hi]; }
- // -- partition set
- int h = hi;
- int l = lo;
- while (l < h)
- {
- while (! (pivot <= data[l])) l++;
- while (! (data[h] <= pivot)) h--;
- if (l < h)
+ // -- determine median-of-three pivot
+ TYPE tmp = data[lo];
+ TYPE pivot = data[(lo+hi)/2];
+ if (pivot <= tmp)
+ { tmp = pivot; pivot=data[lo]; }
+ if (data[hi] <= tmp)
+ { pivot = tmp; }
+ else if (data[hi] <= pivot)
+ { pivot = data[hi]; }
+ // -- partition set
+ int h = hi;
+ int l = lo;
+ while (l < h)
{
- tmp = data[l];
- data[l] = data[h];
- data[h] = tmp;
- l = l+1;
- h = h-1;
+ while (! (pivot <= data[l])) l++;
+ while (! (data[h] <= pivot)) h--;
+ if (l < h)
+ {
+ tmp = data[l];
+ data[l] = data[h];
+ data[h] = tmp;
+ l = l+1;
+ h = h-1;
+ }
+ }
+ // -- recurse, small partition first
+ // tail-recursion elimination
+ if (h - lo <= hi - l) {
+ sort(lo,h);
+ lo = l; // sort(l,hi)
+ } else {
+ sort(l,hi);
+ hi = h; // sort(lo,h)
}
}
- // -- recursively restart
- sort(lo, h);
- sort(l, hi);
}
template<class TYPE> inline TYPE&

8
djvulibre.spec
Unescape View File

@ -3,7 +3,7 @@
Summary: DjVu viewers, encoders, and utilities Summary: DjVu viewers, encoders, and utilities
Name: djvulibre Name: djvulibre
Version: 3.5.27 Version: 3.5.27
Release: 14%{?dist} Release: 15%{?dist}
License: GPLv2+ License: GPLv2+
URL: http://djvu.sourceforge.net/ URL: http://djvu.sourceforge.net/
Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
@ -11,6 +11,7 @@ Patch0: djvulibre-3.5.22-cdefs.patch
#Patch1: djvulibre-3.5.25.3-cflags.patch #Patch1: djvulibre-3.5.25.3-cflags.patch
Patch2: djvulibre-3.5.27-buffer-overflow.patch Patch2: djvulibre-3.5.27-buffer-overflow.patch
Patch3: djvulibre-3.5.27-infinite-loop.patch Patch3: djvulibre-3.5.27-infinite-loop.patch
Patch4: djvulibre-3.5.27-stack-overflow.patch
Requires(post): xdg-utils Requires(post): xdg-utils
Requires(preun): xdg-utils Requires(preun): xdg-utils
@ -65,6 +66,7 @@ Development files for DjVuLibre.
#%patch1 -p1 -b .cflags #%patch1 -p1 -b .cflags
%patch2 -p1 -b .buffer-overflow %patch2 -p1 -b .buffer-overflow
%patch3 -p1 -b .infinite-loop %patch3 -p1 -b .infinite-loop
%patch4 -p1 -b .stack-overflow
%build %build
@ -172,6 +174,10 @@ fi
%changelog %changelog
* Thu Nov 7 2019 Marek Kasik <mkasik@redhat.com> - 3.5.27-15
- Fix a stack overflow
- Resolves: #1767868
* Wed Nov 6 2019 Marek Kasik <mkasik@redhat.com> - 3.5.27-14 * Wed Nov 6 2019 Marek Kasik <mkasik@redhat.com> - 3.5.27-14
- Break an infinite loop - Break an infinite loop
- Resolves: #1767857 - Resolves: #1767857

Write Preview
Loading…
Cancel
Save