guix/gnu/packages/patches/mupdf-CVE-2017-14685.patch
Leo Famulari ae7e24c421
gnu: mupdf: Fix CVE-2017-{14685,14686,14687}.
* gnu/packages/patches/mupdf-CVE-2017-14685.patch,
gnu/packages/patches/mupdf-CVE-2017-14686.patch,
gnu/packages/patches/mupdf-CVE-2017-14687.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/pdf.scm (mupdf)[source]: Use them.
2017-10-24 13:44:34 -04:00

34 lines
1.1 KiB
Diff

Fix CVE-2017-14685:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14685
Patch copied from upstream source repository:
https://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
From ab1a420613dec93c686acbee2c165274e922f82a Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@artifex.com>
Date: Tue, 19 Sep 2017 15:23:04 +0200
Subject: [PATCH] Fix 698539: Don't use xps font if it could not be loaded.
xps_load_links_in_glyphs did not cope with font loading failures.
---
source/xps/xps-link.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/source/xps/xps-link.c b/source/xps/xps-link.c
index c07e0d7..c26a8d9 100644
--- a/source/xps/xps-link.c
+++ b/source/xps/xps-link.c
@@ -91,6 +91,8 @@ xps_load_links_in_glyphs(fz_context *ctx, xps_document *doc, const fz_matrix *ct
bidi_level = atoi(bidi_level_att);
font = xps_lookup_font(ctx, doc, base_uri, font_uri_att, style_att);
+ if (!font)
+ return;
text = xps_parse_glyphs_imp(ctx, doc, &local_ctm, font, fz_atof(font_size_att),
fz_atof(origin_x_att), fz_atof(origin_y_att),
is_sideways, bidi_level, indices_att, unicode_att);
--
2.9.1