File CVE-2018-18897.patch of Package poppler.30684
From e07c8b4784234383cb5ddcf1133ea91a772506e2 Mon Sep 17 00:00:00 2001
From: Adam Reichold <adam.reichold@t-online.de>
Date: Tue, 1 Jan 2019 10:54:40 +0100
Subject: [PATCH] Avoid global display profile state becoming an uncontrolled
memory leak by enforcing single initialization. Closes #654
---
poppler/GfxState.cc | 9 +++++++++
qt5/src/poppler-qt5.h | 4 ++++
2 files changed, 13 insertions(+)
Index: poppler-0.62.0/poppler/GfxState.cc
===================================================================
--- poppler-0.62.0.orig/poppler/GfxState.cc 2017-12-03 19:25:06.000000000 +0000
+++ poppler-0.62.0/poppler/GfxState.cc 2019-03-20 10:59:09.734144107 +0000
@@ -222,6 +222,10 @@ static unsigned int getCMSNChannels(cmsC
static cmsHPROFILE loadColorProfile(const char *fileName);
void GfxColorSpace::setDisplayProfile(void *displayProfileA) {
+ if (displayProfile != nullptr) {
+ error(errInternal, -1, "The display color profile can only be set once before any rendering is done.");
+ return;
+ }
displayProfile = displayProfileA;
if (displayProfile != NULL) {
cmsHTRANSFORM transform;
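Review bot: The new early return in setDisplayProfile drops `displayProfileA` without telling the caller: the function returns void and only logs through error(), so on the rejected path nothing visible here adopts or closes the handle that was passed in. If callers assume the call transfers ownership of the cmsHPROFILE, each rejected call would leak one profile, which is the kind of growth the commit subject says it wants to stop. I would at least state the contract above the guard, e.g. `// Rejected profiles are not adopted; the caller still owns displayProfileA and must close it.`, after confirming that this matches what the front-end callers do. The guard also compares against `nullptr` while the next check in the same function uses `NULL`; pick one. The function body continues past the end of this hunk.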
@@ -245,6 +249,11 @@ void GfxColorSpace::setDisplayProfile(vo
}
void GfxColorSpace::setDisplayProfileName(GooString *name) {
+ if (displayProfile != nullptr) {
+ error(errInternal, -1, "The display color profile can only be set before any rendering is done.");
+ return;
+ }
+ delete displayProfileName;
displayProfileName = name->copy();
}
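Review bot: `delete displayProfileName;` runs before `name->copy()`, so if a caller ever passes the GooString that is currently stored, the copy reads freed memory. Copying first removes that ordering hazard at no cost: `GooString *copy = name->copy();`, then `delete displayProfileName;`, then `displayProfileName = copy;`. `name` is also dereferenced without a null check, which this hunk leaves as it was. The error text here omits the word "once" that the setDisplayProfile message carries; if that is intentional (the name may be replaced repeatedly until a profile has been loaded), a short comment saying so would keep the two guards from looking like a copy-paste slip.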
Index: poppler-0.62.0/qt5/src/poppler-qt5.h
===================================================================
--- poppler-0.62.0.orig/qt5/src/poppler-qt5.h 2017-12-03 19:25:06.000000000 +0000
+++ poppler-0.62.0/qt5/src/poppler-qt5.h 2019-03-20 10:59:09.735144110 +0000
@@ -993,6 +993,8 @@ delete it;
\param outputProfileA is a \c cmsHPROFILE of the LCMS library.
+ \note This should be called before any rendering happens and only once during the lifetime of the current process.
+
\since 0.12
*/
void setColorDisplayProfile(void *outputProfileA);
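Review bot: The added `\note` says when the call should be made but not what happens otherwise. Going by the GfxState.cc hunks in this patch, and assuming this function forwards to GfxColorSpace::setDisplayProfile, a late or repeated call is ignored and only an error is logged, with no return value to signal it. I would put that in the note, e.g. `\note Must be called before any rendering and at most once per process; later calls are ignored and an error is logged.` The same applies to the note added for setColorDisplayProfileName in the following hunk. The doc comment begins outside this hunk.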
@@ -1001,6 +1003,8 @@ delete it;
\param name is the name of the display profile to set.
+ \note This should be called before any rendering happens.
+
\since 0.12
*/
void setColorDisplayProfileName(const QString &name);