From 76cb706e3c93eff5cf61511d416b8365bd3cbcd7 Mon Sep 17 00:00:00 2001
From: Pavel Zhukov
Date: Wed, 14 Mar 2012 22:01:09 +0400
Subject: [PATCH] Fix buffer overflow (#752388)

---
 mupdf-buffer_overflow.patch | 47 +++++++++++++++++++++++++++++++++++++
 mupdf.spec | 6 +++--
 2 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 mupdf-buffer_overflow.patch

diff --git a/mupdf-buffer_overflow.patch b/mupdf-buffer_overflow.patch
new file mode 100644
index 0000000..68a3644
--- /dev/null
+++ b/mupdf-buffer_overflow.patch
@@ -0,0 +1,47 @@
+--- a/apps/pdfapp.c
++++ b/apps/pdfapp.c
+@@ -285,8 +287,20 @@ static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int repai
+
+ if (drawpage)
+ {
+- sprintf(buf, "%s - %d/%d (%d dpi)", app->doctitle,
++ char buf2[64];
++ int len;
++
++ sprintf(buf2, " - %d/%d (%d dpi)",
+ app->pageno, app->pagecount, app->resolution);
++ len = MAX_TITLE-strlen(buf2);
++ if (strlen(app->doctitle) > len)
++ {
++ snprintf(buf, len-3, "%s", app->doctitle);
++ strcat(buf, "...");
++ strcat(buf, buf2);
++ }
++ else
++ sprintf(buf, "%s%s", app->doctitle, buf2);
+ wintitle(app, buf);
+
+ ctm = pdfapp_viewctm(app);
+--
+--- apps/pdfapp.c 2012-03-14 21:50:05.673159926 +0400
++++ b/apps/pdfapp.c 2012-03-14 21:50:36.621159125 +0400
+@@ -339,7 +339,7 @@
+
+ static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int repaint)
+ {
+- char buf[256];
++ char buf[MAX_TITLE];
+ fz_device *idev;
+ fz_device *tdev;
+ fz_colorspace *colorspace;
+--- apps/pdfapp.c 2012-03-14 21:53:20.659154121 +0400
++++ b/apps/pdfapp.c 2012-03-14 21:55:33.566150087 +0400
+@@ -336,7 +336,7 @@
+
+ xps_free_page(app->xps, page);
+ }
+-
++#define MAX_TITLE 256
+ static void pdfapp_showpage(pdfapp_t *app, int loadpage, int drawpage, int repaint)
+ {
+ char buf[MAX_TITLE];
diff --git a/mupdf.spec b/mupdf.spec
index 1af4240..eba5dd2 100644
--- a/mupdf.spec
+++ b/mupdf.spec
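Review bot: The `else` branch in the embedded pdfapp.c patch can still write one byte past `buf`. When `strlen(app->doctitle)` equals `len` exactly, `sprintf(buf, "%s%s", app->doctitle, buf2)` emits MAX_TITLE characters plus the terminating NUL into a MAX_TITLE-byte array. Changing the test to `if (strlen(app->doctitle) >= len)` sends that boundary case down the truncating path, which tops out at MAX_TITLE-1 characters plus the NUL. The document title comes from the opened file, so the length is attacker-influenced; a bounded `snprintf(buf, sizeof buf, ...)` in both branches would remove the dependence on this arithmetic altogether. The body of pdfapp_showpage continues outside the quoted hunks.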
@@ -8,6 +8,7 @@ License: GPLv3 URL: http://mupdf.com/ Source0: http://mupdf.com/download/%{name}-%{version}-source.tar.gz Source1: %{name}.desktop +Patch0: %{name}-buffer_overflow.patch BuildRequires: openjpeg-devel jbig2dec-devel desktop-file-utils BuildRequires: libjpeg-devel freetype-devel libXext-devel @@ -38,6 +39,7 @@ applications that use mupdf and static libraries %prep %setup -q +%patch0 -p1 %build export CFLAGS="%{optflags}" @@ -84,8 +86,8 @@ update-desktop-database &> /dev/null || : %{_libdir}/libmuxps.a %changelog -* Thu Feb 09 2012 Rex Dieter 0.9-3 -- rebuild (openjpeg) +* Wed Mar 14 2012 Pavel Zhukov - 0.9-2 +- Fix buffer overflow (#752388) * Fri Jan 13 2012 Fedora Release Engineering - 0.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild