Overview

File djvulibre-CVE-2021-3630.patch of Package djvulibre.20249

::Index: djvulibre-3.5.27/libdjvu/GString.cpp
===================================================================
--- djvulibre-3.5.27.orig/libdjvu/GString.cpp	2015-02-08 20:40:30.000000000 +0100
+++ djvulibre-3.5.27/libdjvu/GString.cpp	2021-07-30 18:23:56.921313794 +0200
@@ -1212,11 +1212,11 @@ GP<GStringRep>
 GStringRep::getbuf(int n) const
 {
   GP<GStringRep> retval;
-  if(n< 0)
+  if(n < 0)
     n=strlen(data);
-  if(n>0)
+  if(n >= 0)
   {
-    retval=blank(n);
+    retval=blank((n>0) ? n : 1);
     char *ndata=retval->data;
     strncpy(ndata,data,n);
     ndata[n]=0;
Index: djvulibre-3.5.27/libdjvu/DjVuText.cpp
===================================================================
--- djvulibre-3.5.27.orig/libdjvu/DjVuText.cpp	2014-07-08 23:15:07.000000000 +0200
+++ djvulibre-3.5.27/libdjvu/DjVuText.cpp	2021-07-30 18:24:27.089529562 +0200
@@ -345,9 +345,9 @@ DjVuTXT::decode(const GP<ByteStream> &gb
   int textsize = bs.read24();
   char *buffer = textUTF8.getbuf(textsize);
   int readsize = bs.read(buffer,textsize);
-  buffer[readsize] = 0;
-  if (readsize < textsize)
+  if (readsize < textsize || textsize <= 0)
     G_THROW( ERR_MSG("DjVuText.corrupt_chunk") );
+  buffer[readsize] = 0;
   // Try reading zones
   unsigned char version;
   if ( bs.read( (void*) &version, 1 ) == 1)
openSUSE Build Service is sponsored by
Places