Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
poppler-qt5.31330
CVE-2018-18897.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2018-18897.patch of Package poppler-qt5.31330
From e07c8b4784234383cb5ddcf1133ea91a772506e2 Mon Sep 17 00:00:00 2001 From: Adam Reichold <adam.reichold@t-online.de> Date: Tue, 1 Jan 2019 10:54:40 +0100 Subject: [PATCH] Avoid global display profile state becoming an uncontrolled memory leak by enforcing single initialization. Closes #654 --- poppler/GfxState.cc | 9 +++++++++ qt5/src/poppler-qt5.h | 4 ++++ 2 files changed, 13 insertions(+) Index: poppler-0.62.0/poppler/GfxState.cc =================================================================== --- poppler-0.62.0.orig/poppler/GfxState.cc 2017-12-03 19:25:06.000000000 +0000 +++ poppler-0.62.0/poppler/GfxState.cc 2019-03-20 10:59:09.734144107 +0000 @@ -222,6 +222,10 @@ static unsigned int getCMSNChannels(cmsC static cmsHPROFILE loadColorProfile(const char *fileName); void GfxColorSpace::setDisplayProfile(void *displayProfileA) { + if (displayProfile != nullptr) { + error(errInternal, -1, "The display color profile can only be set once before any rendering is done."); + return; + } displayProfile = displayProfileA; if (displayProfile != NULL) { cmsHTRANSFORM transform; @@ -245,6 +249,11 @@ void GfxColorSpace::setDisplayProfile(vo } void GfxColorSpace::setDisplayProfileName(GooString *name) { + if (displayProfile != nullptr) { + error(errInternal, -1, "The display color profile can only be set before any rendering is done."); + return; + } + delete displayProfileName; displayProfileName = name->copy(); } Index: poppler-0.62.0/qt5/src/poppler-qt5.h =================================================================== --- poppler-0.62.0.orig/qt5/src/poppler-qt5.h 2017-12-03 19:25:06.000000000 +0000 +++ poppler-0.62.0/qt5/src/poppler-qt5.h 2019-03-20 10:59:09.735144110 +0000 @@ -993,6 +993,8 @@ delete it; \param outputProfileA is a \c cmsHPROFILE of the LCMS library. + \note This should be called before any rendering happens and only once during the lifetime of the current process. + \since 0.12 */ void setColorDisplayProfile(void *outputProfileA); @@ -1001,6 +1003,8 @@ delete it; \param name is the name of the display profile to set. + \note This should be called before any rendering happens. + \since 0.12 */ void setColorDisplayProfileName(const QString &name);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor