Fix a buffer overflow

Resolves: #1767842

djvulibre-3.5.27-buffer-overflow.patch

@@ -0,0 +1,21 @@
+--- djvulibre-3.5.27/libdjvu/DjVmDir.cpp
++++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp
+@@ -300,6 +300,9 @@ DjVmDir::decode(const GP<ByteStream> &gs
+          memcpy((char*) strings+strings_size, buffer, length);
+       }
+       DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
++      int strings_size=strings.size();
++      strings.resize(strings_size+3);
++      memset((char*) strings+strings_size, 0, 4);
+    
+          // Copy names into the files
+       const char * ptr=strings;
+@@ -307,6 +310,8 @@ DjVmDir::decode(const GP<ByteStream> &gs
+       {
+          GP<File> file=files_list[pos];
+ 
++         if (ptr >= (const char*)strings + strings_size)
++           G_THROW( "DjVu document is corrupted (DjVmDir)" );
+          file->id=ptr;
+          ptr+=file->id.length()+1;
+          if (file->flags & File::HAS_NAME)

djvulibre.spec

@@ -3,12 +3,13 @@
 Summary: DjVu viewers, encoders, and utilities
 Name: djvulibre
 Version: 3.5.27
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: GPLv2+
 URL: http://djvu.sourceforge.net/
 Source0: http://downloads.sourceforge.net/djvu/%{name}-%{version}.tar.gz
 Patch0: djvulibre-3.5.22-cdefs.patch
 #Patch1: djvulibre-3.5.25.3-cflags.patch
+Patch2: djvulibre-3.5.27-buffer-overflow.patch
 
 Requires(post): xdg-utils
 Requires(preun): xdg-utils
@@ -61,6 +62,7 @@ Development files for DjVuLibre.
 %setup -q 
 %patch0 -p1 -b .cdefs
 #%patch1 -p1 -b .cflags
+%patch2 -p1 -b .buffer-overflow
 
 
 %build 
@@ -168,6 +170,10 @@ fi
 
 
 %changelog
+* Wed Nov  6 2019 Marek Kasik <mkasik@redhat.com> - 3.5.27-13
+- Fix a buffer overflow
+- Resolves: #1767842
+
 * Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.5.27-12
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild