File djvulibre-CVE-2021-3630.patch of Package djvulibre.20250
::Index: djvulibre-3.5.27/libdjvu/GString.cpp
===================================================================
--- djvulibre-3.5.27.orig/libdjvu/GString.cpp 2015-02-08 20:40:30.000000000 +0100
+++ djvulibre-3.5.27/libdjvu/GString.cpp 2021-07-30 18:23:56.921313794 +0200
@@ -1212,11 +1212,11 @@ GP<GStringRep>
GStringRep::getbuf(int n) const
{
GP<GStringRep> retval;
- if(n< 0)
+ if(n < 0)
n=strlen(data);
- if(n>0)
+ if(n >= 0)
{
- retval=blank(n);
+ retval=blank((n>0) ? n : 1);
char *ndata=retval->data;
strncpy(ndata,data,n);
ndata[n]=0;
Index: djvulibre-3.5.27/libdjvu/DjVuText.cpp
===================================================================
--- djvulibre-3.5.27.orig/libdjvu/DjVuText.cpp 2014-07-08 23:15:07.000000000 +0200
+++ djvulibre-3.5.27/libdjvu/DjVuText.cpp 2021-07-30 18:24:27.089529562 +0200
@@ -345,9 +345,9 @@ DjVuTXT::decode(const GP<ByteStream> &gb
int textsize = bs.read24();
char *buffer = textUTF8.getbuf(textsize);
int readsize = bs.read(buffer,textsize);
- buffer[readsize] = 0;
- if (readsize < textsize)
+ if (readsize < textsize || textsize <= 0)
G_THROW( ERR_MSG("DjVuText.corrupt_chunk") );
+ buffer[readsize] = 0;
// Try reading zones
unsigned char version;
if ( bs.read( (void*) &version, 1 ) == 1)