diff options
Diffstat (limited to 'editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff')
-rw-r--r-- | editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff | 74 |
1 files changed, 0 insertions, 74 deletions
diff --git a/editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff b/editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff deleted file mode 100644 index f5e51a1c706..00000000000 --- a/editors/koffice-kde3/files/patch-koffce-xpdf-CVE-2007-0104.diff +++ /dev/null @@ -1,74 +0,0 @@ ------------------------------------------------------------------------- -r622463 | aacid | 2007-01-11 23:05:54 +0100 (Thu, 11 Jan 2007) | 2 lines -Changed paths: - M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.cc - M /branches/koffice/1.6/koffice/filters/kword/pdf/xpdf/xpdf/Catalog.h - -Commiting the patch agreed between kpdf and poppler developers to fix MOAB-06-01-2007 issue. - ------------------------------------------------------------------------- -Index: filters/kword/pdf/xpdf/xpdf/Catalog.cc -=================================================================== ---- filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622462) -+++ filters/kword/pdf/xpdf/xpdf/Catalog.cc (revision 622463) -@@ -24,6 +24,12 @@ - #include "Link.h" - #include "Catalog.h" - -+// This define is used to limit the depth of recursive readPageTree calls -+// This is needed because the page tree nodes can reference their parents -+// leaving us in an infinite loop -+// Most sane pdf documents don't have a call depth higher than 10 -+#define MAX_CALL_DEPTH 1000 -+ - //------------------------------------------------------------------------ - // Catalog - //------------------------------------------------------------------------ -@@ -77,7 +83,7 @@ Catalog::Catalog(XRef *xrefA) { - pageRefs[i].num = -1; - pageRefs[i].gen = -1; - } -- numPages = readPageTree(pagesDict.getDict(), NULL, 0); -+ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0); - if (numPages != numPages0) { - error(-1, "Page count in top-level pages object is incorrect"); - } -@@ -171,7 +177,7 @@ GString *Catalog::readMetadata() { - return s; - } - --int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) { -+int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) { - Object kids; - Object kid; - Object kidRef; -@@ -221,9 +227,13 @@ int Catalog::readPageTree(Dict *pagesDic - // This should really be isDict("Pages"), but I've seen at least one - // PDF file where the /Type entry is missing. - } else if (kid.isDict()) { -- if ((start = readPageTree(kid.getDict(), attrs1, start)) -- < 0) -- goto err2; -+ if (callDepth > MAX_CALL_DEPTH) { -+ error(-1, "Limit of %d recursive calls reached while reading the page tree. If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH); -+ } else { -+ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1)) -+ < 0) -+ goto err2; -+ } - } else { - error(-1, "Kid object (page %d) is wrong type (%s)", - start+1, kid.getTypeName()); -Index: filters/kword/pdf/xpdf/xpdf/Catalog.h -=================================================================== ---- filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622462) -+++ filters/kword/pdf/xpdf/xpdf/Catalog.h (revision 622463) -@@ -82,7 +82,7 @@ private: - Object outline; // outline dictionary - GBool ok; // true if catalog is valid - -- int readPageTree(Dict *pages, PageAttrs *attrs, int start); -+ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth); - Object *findDestInTree(Object *tree, GString *name, Object *obj); - }; - |