Diffstat (limited to 'graphics/kdegraphics3/files/patch-post-3.5.5-kdegraphics-CVE-2007-0104.diff')
-rw-r--r-- | graphics/kdegraphics3/files/patch-post-3.5.5-kdegraphics-CVE-2007-0104.diff | 61 |
1 files changed, 0 insertions, 61 deletions
diff --git a/graphics/kdegraphics3/files/patch-post-3.5.5-kdegraphics-CVE-2007-0104.diff b/graphics/kdegraphics3/files/patch-post-3.5.5-kdegraphics-CVE-2007-0104.diff
deleted file mode 100644
index 092cf67f360b..000000000000
--- a/graphics/kdegraphics3/files/patch-post-3.5.5-kdegraphics-CVE-2007-0104.diff
+++ /dev/null
@@ -1,61 +0,0 @@
---- kpdf/xpdf/xpdf/Catalog.cc
-+++ kpdf/xpdf/xpdf/Catalog.cc
-@@ -26,6 +26,12 @@
- #include "UGString.h"
- #include "Catalog.h"
-
-+// This define is used to limit the depth of recursive readPageTree calls
-+// This is needed because the page tree nodes can reference their parents
-+// leaving us in an infinite loop
-+// Most sane pdf documents don't have a call depth higher than 10
-+#define MAX_CALL_DEPTH 1000
-+
- //------------------------------------------------------------------------
- // Catalog
- //------------------------------------------------------------------------
-@@ -76,7 +82,7 @@ Catalog::Catalog(XRef *xrefA) {
- pageRefs[i].num = -1;
- pageRefs[i].gen = -1;
- }
-- numPages = readPageTree(pagesDict.getDict(), NULL, 0);
-+ numPages = readPageTree(pagesDict.getDict(), NULL, 0, 0);
- if (numPages != numPages0) {
- error(-1, "Page count in top-level pages object is incorrect");
- }
-@@ -191,7 +197,7 @@ GString *Catalog::readMetadata() {
- return s;
- }
-
--int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start) {
-+int Catalog::readPageTree(Dict *pagesDict, PageAttrs *attrs, int start, int callDepth) {
- Object kids;
- Object kid;
- Object kidRef;
-@@ -236,9 +242,13 @@ int Catalog::readPageTree(Dict *pagesDic
- // This should really be isDict("Pages"), but I've seen at least one
- // PDF file where the /Type entry is missing.
- } else if (kid.isDict()) {
-- if ((start = readPageTree(kid.getDict(), attrs1, start))
-- < 0)
-- goto err2;
-+ if (callDepth > MAX_CALL_DEPTH) {
-+ error(-1, "Limit of %d recursive calls reached while reading the page tree.
If your document is correct and not a test to try to force a crash, please report a bug.", MAX_CALL_DEPTH);
-+ } else {
-+ if ((start = readPageTree(kid.getDict(), attrs1, start, callDepth + 1))
-+ < 0)
-+ goto err2;
-+ }
- } else {
- error(-1, "Kid object (page %d) is wrong type (%s)",
- start+1, kid.getTypeName());
---- kpdf/xpdf/xpdf/Catalog.h
-+++ kpdf/xpdf/xpdf/Catalog.h
-@@ -128,7 +128,7 @@ private:
- Object acroForm; // AcroForm dictionary
- GBool ok; // true if catalog is valid
-
-- int readPageTree(Dict *pages, PageAttrs *attrs, int start);
-+ int readPageTree(Dict *pages, PageAttrs *attrs, int start, int callDepth);
- Object *findDestInTree(Object *tree, GString *name, Object *obj);
- };
- |