fix CVE-2024-46657 (rhbz#2331625)

0001-Bug-707996-Declare-variable-fz_var-to-avoid-stale-va.patch

@@ -0,0 +1,42 @@
+From 43f2c1076467570fbd999116eb42266ec2b6cc78 Mon Sep 17 00:00:00 2001
+Message-ID: <43f2c1076467570fbd999116eb42266ec2b6cc78.1735230633.git.mjg@fedoraproject.org>
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Mon, 2 Sep 2024 22:06:32 +0200
+Subject: [PATCH] Bug 707996: Declare variable fz_var to avoid stale values.
+
+A fuzzed file provoked an ASAN warning when building release mode.
+
+For good measure, also declare a variable in an unrelated function
+in the same tool fz_var.
+
+(cherry picked from commit b5c898a30f068b5342e8263a2cd5b9f0be291aac)
+---
+ source/tools/pdfextract.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/source/tools/pdfextract.c b/source/tools/pdfextract.c
+index 0b42e9189..dc1f2c23f 100644
+--- a/source/tools/pdfextract.c
++++ b/source/tools/pdfextract.c
+@@ -119,6 +119,7 @@ static void saveimage(pdf_obj *ref)
+ 	int type;
+ 
+ 	fz_var(image);
++	fz_var(mask);
+ 	fz_var(pix);
+ 
+ 	fz_try(ctx)
+@@ -252,7 +253,9 @@ static void savefont(pdf_obj *dict)
+ 
+ static void extractobject(int num)
+ {
+-	pdf_obj *ref;
++	pdf_obj *ref = NULL;
++
++	fz_var(ref);
+ 
+ 	if (!doc)
+ 		fz_throw(ctx, FZ_ERROR_GENERIC, "no file specified");
+-- 
+2.48.0.rc0.310.g2fcc1078a8
+

mupdf.spec

@@ -15,6 +15,7 @@ Source0:        http://mupdf.com/downloads/archive/%{name}-%{upversion}-source.t
 Source1:        %{name}.desktop
 Source2:        %{name}-gl.desktop
 Patch:          mupdf-1.21.1-fix-png_write_band.patch
+Patch:          0001-Bug-707996-Declare-variable-fz_var-to-avoid-stale-va.patch
 BuildRequires:  gcc gcc-c++ make binutils desktop-file-utils coreutils pkgconfig
 BuildRequires:  openjpeg2-devel desktop-file-utils
 BuildRequires:  libjpeg-devel freetype-devel libXext-devel curl-devel