!8 [sync] PR-6: Fix CVE-2019-11459

From: @openeuler-sync-bot 
Reviewed-by: @dwl301 
Signed-off-by: @dwl301
openeuler-ci-bot 2022-02-28 01:44:57 +00:00 committed by Gitee
commit 710acb3a51
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 77 additions and 1 deletions

72
CVE-2019-11459.patch Normal file

@ -0,0 +1,72 @@
From 234f034a4d15cd46dd556f4945f99fbd57ef5f15 Mon Sep 17 00:00:00 2001
From: Jason Crain <jcrain@src.gnome.org>
Date: Mon, 15 Apr 2019 23:06:36 -0600
Subject: [PATCH] tiff: Handle failure from TIFFReadRGBAImageOriented
The TIFFReadRGBAImageOriented function returns zero if it was unable to
read the image. Return NULL in this case instead of displaying
uninitialized memory.
Fixes #1129
---
backend/tiff/tiff-document.c | 28 ++++++++++++++++++----------
1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/backend/tiff/tiff-document.c b/backend/tiff/tiff-document.c
index 7715031b9..38bb3bd8f 100644
--- a/backend/tiff/tiff-document.c
+++ b/backend/tiff/tiff-document.c
@@ -292,18 +292,22 @@ tiff_document_render (EvDocument *document,
g_warning("Failed to allocate memory for rendering.");
return NULL;
}
-
+
+ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
+ width, height,
+ (uint32 *)pixels,
+ orientation, 0)) {
+ g_warning ("Failed to read TIFF image.");
+ g_free (pixels);
+ return NULL;
+ }
+
surface = cairo_image_surface_create_for_data (pixels,
CAIRO_FORMAT_RGB24,
width, height,
rowstride);
cairo_surface_set_user_data (surface, &key,
pixels, (cairo_destroy_func_t)g_free);
-
- TIFFReadRGBAImageOriented (tiff_document->tiff,
- width, height,
- (uint32 *)pixels,
- orientation, 0);
pop_handlers ();
/* Convert the format returned by libtiff to
@@ -384,13 +388,17 @@ tiff_document_get_thumbnail (EvDocument *document,
if (!pixels)
return NULL;
+ if (!TIFFReadRGBAImageOriented (tiff_document->tiff,
+ width, height,
+ (uint32 *)pixels,
+ ORIENTATION_TOPLEFT, 0)) {
+ g_free (pixels);
+ return NULL;
+ }
+
pixbuf = gdk_pixbuf_new_from_data (pixels, GDK_COLORSPACE_RGB, TRUE, 8,
width, height, rowstride,
(GdkPixbufDestroyNotify) g_free, NULL);
- TIFFReadRGBAImageOriented (tiff_document->tiff,
- width, height,
- (uint32 *)pixels,
- ORIENTATION_TOPLEFT, 0);
pop_handlers ();
ev_render_context_compute_scaled_size (rc, width, height * (x_res / y_res),
--
GitLab
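Review bot: Both new error branches, in tiff_document_render and tiff_document_get_thumbnail, return without calling `pop_handlers ()`, which the success path still calls right after the surface or pixbuf is created. Both functions start and end outside these hunks and the matching push is not visible, so this needs checking against the full file: if the libtiff handlers are still installed when `TIFFReadRGBAImageOriented` runs, the early returns leave them installed, and a `pop_handlers ();` belongs before `g_free (pixels);` in each branch. The thumbnail branch also fails silently while the render branch logs `g_warning ("Failed to read TIFF image.");`, so logging in both would make a rejected file easier to trace.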


@ -1,12 +1,13 @@
Name: evince
Version: 3.30.1
Release: 3
Release: 4
Summary: Document viewer for multiple document formats
License: GPLv2+ and GPLv3+ and LGPLv2+ and MIT and Afmparse
URL: https://wiki.gnome.org/Apps/Evince
Source0: https://download.gnome.org/sources/%{name}/3.30/%{name}-%{version}.tar.xz
Patch0: evince-3.21.4-NPNVToolKit.patch
Patch1: 0001-Resolves-deb-762530-rhbz-1061177-add-man-pages.patch
Patch2: CVE-2019-11459.patch
BuildRequires: pkgconfig(gio-unix-2.0) >= 2.36.0 pkgconfig(gtk+-x11-3.0) >= 3.16.0 pkgconfig(gnome-desktop-3.0)
BuildRequires: pkgconfig(poppler-glib) >= 0.24.0 pkgconfig(libgxps) >= 0.2.1 pkgconfig(gobject-introspection-1.0)
@ -102,5 +103,8 @@ desktop-file-validate $RPM_BUILD_ROOT%{_datadir}/applications/org.gnome.Evince-p
%changelog
* Sat Feb 26 2022 yaoxin <yaoxin30@huawei.com> - 3.30.1-4
- Fix CVE-2019-11459
* Mon Dec 2 2019 chenzhenyu <chenzhenyu13@huawei.com> - 3.30.1-3
- Package init