openSUSE:Backports:SLE-15-SP3:Update
File 0002-Bug-702253-Avoid-a-use-after-free-in-fz_drop_band_wr.patch of Package mupdf
From f371fbd5d35cb60e9673ed359431bf8c07e81e22 Mon Sep 17 00:00:00 2001 From: theshoals <theshoals@users.noreply.github.com> Date: Mon, 4 May 2020 03:33:40 -0400 Subject: [PATCH 2/2] Bug 702253: Avoid a use-after-free in fz_drop_band_writer A use-after-free would occur when a valid page was followed by a page with invalid pixmap dimensions, causing bander -- a static -- to point to previously freed memory instead of a new band_writer. (cherry picked from commit 96751b25462f83d6e16a9afaf8980b0c3f979c8b) --- source/tools/mudraw.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source/tools/mudraw.c b/source/tools/mudraw.c index ccae16a2e..09c9f4bc8 100644 --- a/source/tools/mudraw.c +++ b/source/tools/mudraw.c @@ -924,7 +924,14 @@ static void dodrawpage(fz_context *ctx, fz_page *page, fz_display_list *list, in fz_always(ctx) { if (output_format != OUT_PCLM) + { fz_drop_band_writer(ctx, bander); + /* bander must be set to NULL to avoid use-after-frees. A use-after-free + * would occur when a valid page was followed by a page with invalid + * pixmap dimensions, causing bander -- a static -- to point to previously + * freed memory instead of a new band_writer. */ + bander = NULL; + } fz_drop_bitmap(ctx, bit); bit = NULL; if (num_workers > 0) -- 2.31.1
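Review bot: In the fz_always block of dodrawpage, `bander = NULL;` is only reached inside the `if (output_format != OUT_PCLM)` branch, so on the PCLM path the static keeps its old value after cleanup, and the new comment does not say why that path is exempt. Either state in the comment that the PCLM writer is intentionally kept alive across pages and where it is dropped and cleared, or handle the pointer on both paths. The comment also repeats the commit message word for word; a shorter form that says bander is a static reused across pages and must not dangle after fz_drop_band_writer would be enough. Because the dangling pointer arises from a static surviving between pages, it is also worth checking that every other fz_drop_band_writer call on bander in mudraw.c is followed by the same reset, matching the `fz_drop_bitmap(ctx, bit); bit = NULL;` pattern just below.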