Security fix for SA43020:

MuPDF "closedctd()" Memory Corruption Vulnerability. ok sthen@ (MAINTAINER) aja@
2011-02-10 13:01:12 +00:00 · 2011-02-10 13:01:12 +00:00 · 4ae9582f93
commit 4ae9582f93
parent 368a34f067
2 changed files with 29 additions and 1 deletions
--- a/textproc/mupdf/Makefile
+++ b/textproc/mupdf/Makefile
@ -1,8 +1,9 @@
-# $OpenBSD: Makefile,v 1.22 2010/11/20 19:56:49 espie Exp $
+# $OpenBSD: Makefile,v 1.23 2011/02/10 13:01:12 jasper Exp $

 COMMENT =	graphic library, pdf parser, viewer and utilities

 DISTNAME =	mupdf-0.7
+REVISION =	0

 CATEGORIES =	textproc x11

--- a/textproc/mupdf/patches/patch-fitz_filt_dctd_c
+++ b/textproc/mupdf/patches/patch-fitz_filt_dctd_c
@ -0,0 +1,27 @@
+$OpenBSD: patch-fitz_filt_dctd_c,v 1.1 2011/02/10 13:01:12 jasper Exp $
+
+Security fix for SA43020:
+MuPDF "closedctd()" Memory Corruption Vulnerability.
+
+Patch from git commit 53448d850052082cb815982419a07b52f95c6607.
+
+--- fitz/filt_dctd.c.orig	Wed Aug 25 16:12:11 2010
+++ fitz/filt_dctd.c	Wed Feb  9 21:39:03 2011
+@@ -182,8 +182,17 @@ static void
+ closedctd(fz_stream *stm)
+ {
+ 	fz_dctd *state = stm->state;
+
+	if (setjmp(state->jb))
+	{
+		state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer;
+		fz_warn("jpeg error: %s", state->msg);
+		goto skip;
+	}
+
+ 	if (state->init)
+ 		jpeg_finish_decompress(&state->cinfo);
+skip:
+ 	state->chain->rp = state->chain->wp - state->cinfo.src->bytes_in_buffer;
+ 	jpeg_destroy_decompress(&state->cinfo);
+ 	fz_free(state->scanline);