File CVE-2018-19060.patch of Package poppler-qt5

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2018-19060.patch of Package poppler-qt5

From d2f5d424ba8752f9a9e9dad410546ec1b46caa0a Mon Sep 17 00:00:00 2001
From: Adam Reichold <adam.reichold@t-online.de>
Date: Tue, 6 Nov 2018 09:08:06 +0100
Subject: [PATCH] pdfdetach: Check for valid file name of embedded file before
 using it to determine save path.

Closes #660
---
 utils/pdfdetach.cc | 24 ++++++++++++++++++------
 1 file changed, 18 insertions(+), 6 deletions(-)

Index: poppler-0.62.0/utils/pdfdetach.cc
===================================================================
--- poppler-0.62.0.orig/utils/pdfdetach.cc	2019-03-20 11:10:11.929383424 +0000
+++ poppler-0.62.0/utils/pdfdetach.cc	2019-03-20 11:10:24.075423128 +0000
@@ -189,14 +189,18 @@ int main(int argc, char *argv[]) {
       fileSpec = static_cast<FileSpec *>(embeddedFiles->get(i));
       printf("%d: ", i+1);
       s1 = fileSpec->getFileName();
-      if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+      if (!s1) {
+	exitCode = 3;
+	goto err2;
+      }
+      if (s1->hasUnicodeMarker()) {
         isUnicode = gTrue;
         j = 2;
       } else {
         isUnicode = gFalse;
         j = 0;
       }
-      while (j < fileSpec->getFileName()->getLength()) {
+      while (j < s1->getLength()) {
         if (isUnicode) {
           u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
           j += 2;
@@ -226,14 +230,18 @@ int main(int argc, char *argv[]) {
 	p = path;
       }
       s1 = fileSpec->getFileName();
-      if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+      if (!s1) {
+	exitCode = 3;
+	goto err2;
+      }
+      if (s1->hasUnicodeMarker()) {
         isUnicode = gTrue;
         j = 2;
       } else {
         isUnicode = gFalse;
         j = 0;
       }
-      while (j < fileSpec->getFileName()->getLength()) {
+      while (j < s1->getLength()) {
         if (isUnicode) {
           u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
           j += 2;
@@ -269,14 +277,18 @@ int main(int argc, char *argv[]) {
     } else {
       p = path;
       s1 = fileSpec->getFileName();
-      if ((s1->getChar(0) & 0xff) == 0xfe && (s1->getChar(1) & 0xff) == 0xff) {
+      if (!s1) {
+	exitCode = 3;
+	goto err2;
+      }
+      if (s1->hasUnicodeMarker()) {
         isUnicode = gTrue;
         j = 2;
       } else {
         isUnicode = gFalse;
         j = 0;
       }
-      while (j < fileSpec->getFileName()->getLength()) {
+      while (j < s1->getLength()) {
         if (isUnicode) {
           u = ((s1->getChar(j) & 0xff) << 8) | (s1->getChar(j+1) & 0xff);
           j += 2;

Places

File CVE-2018-19060.patch of Package poppler-qt5

Places