Fix buffer overflow vulnerability in xpdf code.

Security: http://www.kde.org/info/security/advisory-20070730-1.txt Security: CVE-2007-3387
svn path=/head/; revision=196764
2025-07-18 17:59:20 -04:00 · 2007-07-30 21:59:27 +00:00 · 2007-07-30 21:59:27 +00:00 · b09d5e70f1 · 2021-03-31 03:12:20 +00:00
commit b09d5e70f1
parent a8f26cf252
10 changed files with 99 additions and 3 deletions
--- a/editors/calligra/Makefile
+++ b/editors/calligra/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	koffice
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	editors kde
 MASTER_SITES=	${MASTER_SITE_KDE}
--- a/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff
+++ b/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff
@ -0,0 +1,20 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc
+++ filters/kword/pdf/xpdf/xpdf/Stream.cc
+@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream 
+   predLine = NULL;
+   ok = gFalse;
+ 
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-     nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits)
+-    return;
+-
+   nVals = width * nComps;
+-  if (nVals * nBits + 7 <= 0)
+  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+     nComps >= 4 || nBits > 16 ||
+      width >= INT_MAX / nComps ||
+      nVals >= (INT_MAX - 7) / nBits)
+     return;
+ 
+   pixBytes = (nComps * nBits + 7) >> 3;
--- a/editors/koffice-kde3/Makefile
+++ b/editors/koffice-kde3/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	koffice
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	editors kde
 MASTER_SITES=	${MASTER_SITE_KDE}
--- a/editors/koffice-kde3/files/patch-koffice-xpdf-CVE-2007-3387.diff
+++ b/editors/koffice-kde3/files/patch-koffice-xpdf-CVE-2007-3387.diff
@ -0,0 +1,20 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc
+++ filters/kword/pdf/xpdf/xpdf/Stream.cc
+@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream 
+   predLine = NULL;
+   ok = gFalse;
+ 
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-     nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits)
+-    return;
+-
+   nVals = width * nComps;
+-  if (nVals * nBits + 7 <= 0)
+  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+     nComps >= 4 || nBits > 16 ||
+      width >= INT_MAX / nComps ||
+      nVals >= (INT_MAX - 7) / nBits)
+     return;
+ 
+   pixBytes = (nComps * nBits + 7) >> 3;
--- a/editors/koffice-kde4/Makefile
+++ b/editors/koffice-kde4/Makefile
@ -7,7 +7,7 @@

 PORTNAME=	koffice
 PORTVERSION=	1.6.3
-PORTREVISION=	1
+PORTREVISION=	2
 PORTEPOCH=	2
 CATEGORIES=	editors kde
 MASTER_SITES=	${MASTER_SITE_KDE}
--- a/editors/koffice-kde4/files/patch-koffice-xpdf-CVE-2007-3387.diff
+++ b/editors/koffice-kde4/files/patch-koffice-xpdf-CVE-2007-3387.diff
@ -0,0 +1,20 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc
+++ filters/kword/pdf/xpdf/xpdf/Stream.cc
+@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream 
+   predLine = NULL;
+   ok = gFalse;
+ 
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-     nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits)
+-    return;
+-
+   nVals = width * nComps;
+-  if (nVals * nBits + 7 <= 0)
+  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+     nComps >= 4 || nBits > 16 ||
+      width >= INT_MAX / nComps ||
+      nVals >= (INT_MAX - 7) / nBits)
+     return;
+ 
+   pixBytes = (nComps * nBits + 7) >> 3;
--- a/graphics/kdegraphics3/Makefile
+++ b/graphics/kdegraphics3/Makefile
@ -8,6 +8,7 @@

 PORTNAME=	kdegraphics
 PORTVERSION=	${KDE_VERSION}
+PORTREVISION=	1
 CATEGORIES=	graphics kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	stable/${PORTVERSION:S/.0//}/src
--- a/graphics/kdegraphics3/files/patch-post-3.5.7-kdegraphics-CVE-2007-3387.diff
+++ b/graphics/kdegraphics3/files/patch-post-3.5.7-kdegraphics-CVE-2007-3387.diff
@ -0,0 +1,17 @@
+Index: kpdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- kpdf/xpdf/xpdf/Stream.cc	(revision 689574)
+++ kpdf/xpdf/xpdf/Stream.cc	(working copy)
+@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream 
+ 
+   nVals = width * nComps;
+   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits ||
+-      nVals * nBits + 7 < 0) {
+      nComps > gfxColorMaxComps || nBits > 16 ||
+      width >= INT_MAX / nComps ||
+      nVals >= (INT_MAX - 7) / nBits) {
+     return;
+   }
+   pixBytes = (nComps * nBits + 7) >> 3;
--- a/graphics/kdegraphics4/Makefile
+++ b/graphics/kdegraphics4/Makefile
@ -8,6 +8,7 @@

 PORTNAME=	kdegraphics
 PORTVERSION=	${KDE_VERSION}
+PORTREVISION=	1
 CATEGORIES=	graphics kde
 MASTER_SITES=	${MASTER_SITE_KDE}
 MASTER_SITE_SUBDIR=	stable/${PORTVERSION:S/.0//}/src
--- a/graphics/kdegraphics4/files/patch-post-3.5.7-kdegraphics-CVE-2007-3387.diff
+++ b/graphics/kdegraphics4/files/patch-post-3.5.7-kdegraphics-CVE-2007-3387.diff
@ -0,0 +1,17 @@
+Index: kpdf/xpdf/xpdf/Stream.cc
+===================================================================
+--- kpdf/xpdf/xpdf/Stream.cc	(revision 689574)
+++ kpdf/xpdf/xpdf/Stream.cc	(working copy)
+@@ -411,9 +411,9 @@ StreamPredictor::StreamPredictor(Stream 
+ 
+   nVals = width * nComps;
+   if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-      nComps >= INT_MAX / nBits ||
+-      width >= INT_MAX / nComps / nBits ||
+-      nVals * nBits + 7 < 0) {
+      nComps > gfxColorMaxComps || nBits > 16 ||
+      width >= INT_MAX / nComps ||
+      nVals >= (INT_MAX - 7) / nBits) {
+     return;
+   }
+   pixBytes = (nComps * nBits + 7) >> 3;