File r1873-Fix-CVE-2017-6845-and-add-test-case-to-reproduce.patch of Package podofo.23799

------------------------------------------------------------------------
r1873 | domseichter | 2018-01-26 16:40:28 +0100 (vie, 26 ene 2018) | 3 lines

FIXED: Added test case to reproduce CVE-2017-6845 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6845) and fixed the issue.



Index: src/base/PdfColor.cpp
===================================================================
--- src/base/PdfColor.cpp	(revision 1872)
+++ src/base/PdfColor.cpp	(revision 1873)
@@ -570,9 +570,16 @@
 
 const PdfColor & PdfColor::operator=( const PdfColor & rhs )
 {
-    if (this != &rhs)
+    // Null check necessary due to memcpy despite compiler warning.
+    // See: CVE-2017-6845
+    if( NULL == &rhs )
     {
-        memcpy( &m_uColor, &rhs.m_uColor, sizeof(m_uColor) );
+        PODOFO_RAISE_ERROR( ePdfError_InvalidHandle );
+    }
+    
+    if ( this != &rhs )
+    {
+         memcpy( &m_uColor, &rhs.m_uColor, sizeof(m_uColor) );
         m_separationName = rhs.m_separationName;
         m_separationDensity = rhs.m_separationDensity;
         m_eColorSpace = rhs.m_eColorSpace;
Index: test/unit/ColorTest.cpp
===================================================================
--- test/unit/ColorTest.cpp	(revision 1872)
+++ test/unit/ColorTest.cpp	(revision 1873)
@@ -2473,3 +2473,15 @@
         ASSERT_TRUE(rgbColor == cmykColor.ConvertToRGB());
     }
 }
+
+// See: CVE-2017-6845
+void ColorTest::testAssignNull()
+{
+    PdfColor c;
+    PdfColor* pNull = NULL;
+
+    CPPUNIT_ASSERT_THROW_WITH_ERROR_TYPE( 
+        (c = *pNull), 
+        PdfError, 
+        ePdfError_InvalidHandle);
+}
Index: test/unit/ColorTest.h
===================================================================
--- test/unit/ColorTest.h	(revision 1872)
+++ test/unit/ColorTest.h	(revision 1873)
@@ -50,6 +50,7 @@
     CPPUNIT_TEST( testColorCieLabConstructor );
 
     CPPUNIT_TEST( testRGBtoCMYKConversions );
+    CPPUNIT_TEST( testAssignNull );
 
     CPPUNIT_TEST_SUITE_END();
 
@@ -83,6 +84,7 @@
 
     void testRGBtoCMYKConversions();
 
+    void testAssignNull();
 };
 
 #endif

------------------------------------------------------------------------