Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
podofo.35912
r1971-Fixed-CVE-2019-9199.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File r1971-Fixed-CVE-2019-9199.patch of Package podofo.35912
Fixed CVE-2019-9199, issue #40 (raises PdfError with PageNotFound code on error) The error is the page 0 (0-based) not being found, before this fix that led to a null pointer dereference (method call on a null pointer, undefined behavior), now just a PdfError exception is raised. --- a/tools/podofoimpose/pdftranslator.cpp +++ b/tools/podofoimpose/pdftranslator.cpp @@ -148,7 +148,12 @@ // std::cerr << "Document has "<< pcount << " page(s) " << endl; if ( pcount > 0 ) // only here to avoid possible segfault, but PDF without page is not conform IIRC { - PoDoFo::PdfRect rect ( sourceDoc->GetPage ( 0 )->GetMediaBox() ); + PoDoFo::PdfPage* pFirstPage = sourceDoc->GetPage ( 0 ); + if ( NULL == pFirstPage ) // Fixes CVE-2019-9199 (issue #40) + { + PODOFO_RAISE_ERROR_INFO( ePdfError_PageNotFound, "First page (0) of source document not found" ); + } + PoDoFo::PdfRect rect ( pFirstPage->GetMediaBox() ); // keep in mind it’s just a hint since PDF can have different page sizes in a same doc sourceWidth = rect.GetWidth() - rect.GetLeft(); sourceHeight = rect.GetHeight() - rect.GetBottom() ;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor