Overview

File CVE-2018-18897.patch of Package poppler.27868

From e07c8b4784234383cb5ddcf1133ea91a772506e2 Mon Sep 17 00:00:00 2001
From: Adam Reichold <adam.reichold@t-online.de>
Date: Tue, 1 Jan 2019 10:54:40 +0100
Subject: [PATCH] Avoid global display profile state becoming an uncontrolled
 memory leak by enforcing single initialization. Closes #654

---
 poppler/GfxState.cc   | 9 +++++++++
 qt5/src/poppler-qt5.h | 4 ++++
 2 files changed, 13 insertions(+)

Index: poppler-0.62.0/poppler/GfxState.cc
===================================================================
--- poppler-0.62.0.orig/poppler/GfxState.cc	2017-12-03 19:25:06.000000000 +0000
+++ poppler-0.62.0/poppler/GfxState.cc	2019-03-20 10:59:09.734144107 +0000
@@ -222,6 +222,10 @@ static unsigned int getCMSNChannels(cmsC
 static cmsHPROFILE loadColorProfile(const char *fileName);
 
 void GfxColorSpace::setDisplayProfile(void *displayProfileA) {
+  if (displayProfile != nullptr) {
+    error(errInternal, -1, "The display color profile can only be set once before any rendering is done.");
+    return;
+  }
   displayProfile = displayProfileA;
   if (displayProfile != NULL) {
     cmsHTRANSFORM transform;
@@ -245,6 +249,11 @@ void GfxColorSpace::setDisplayProfile(vo
 }
 
 void GfxColorSpace::setDisplayProfileName(GooString *name) {
+  if (displayProfile != nullptr) {
+    error(errInternal, -1, "The display color profile can only be set before any rendering is done.");
+    return;
+  }
+  delete displayProfileName;
   displayProfileName = name->copy();
 }
 
Index: poppler-0.62.0/qt5/src/poppler-qt5.h
===================================================================
--- poppler-0.62.0.orig/qt5/src/poppler-qt5.h	2017-12-03 19:25:06.000000000 +0000
+++ poppler-0.62.0/qt5/src/poppler-qt5.h	2019-03-20 10:59:09.735144110 +0000
@@ -993,6 +993,8 @@ delete it;
 
 	  \param outputProfileA is a \c cmsHPROFILE of the LCMS library.
 
+	  \note This should be called before any rendering happens and only once during the lifetime of the current process.
+
 	   \since 0.12
 	*/
 	void setColorDisplayProfile(void *outputProfileA);
@@ -1001,6 +1003,8 @@ delete it;
 
 	  \param name is the name of the display profile to set.
 
+	  \note This should be called before any rendering happens.
+
 	   \since 0.12
 	*/
 	void setColorDisplayProfileName(const QString &name);
openSUSE Build Service is sponsored by
Places