diff --git a/SOURCES/djvulibre-3.5.25.3-cflags.patch b/SOURCES/djvulibre-3.5.25.3-cflags.patch
new file mode 100644
index 0000000..e2b7c5f
--- /dev/null
+++ b/SOURCES/djvulibre-3.5.25.3-cflags.patch
@@ -0,0 +1,51 @@
+diff -up djvulibre-3.5.25/configure~ djvulibre-3.5.25/configure
+--- djvulibre-3.5.25/configure~ 2012-05-08 05:56:53.000000000 +0300
++++ djvulibre-3.5.25/configure 2012-10-10 00:01:36.000000000 +0300
+@@ -14733,6 +14733,7 @@ fi
+
+ OPTS=
+
++if false; then
+ saved_CXXFLAGS="$CXXFLAGS"
+ saved_CFLAGS="$CFLAGS"
+ CXXFLAGS=
+@@ -14750,6 +14751,7 @@ fi
+ *) CFLAGS="$CFLAGS $opt" ;;
+ esac
+ done
++fi
+ if test x$ac_debug = xno ; then
+ OPTS=-DNDEBUG
+
+@@ -14770,6 +14772,7 @@ $as_echo "no" >&6; }
+ fi
+
+
++if false; then
+ opt="-O3"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CXX accepts $opt" >&5
+ $as_echo_n "checking if $CXX accepts $opt... " >&6; }
+@@ -14801,6 +14804,7 @@ $as_echo "no" >&6; }
+ fi
+
+ fi
++fi
+
+
+ opt="-Wno-non-virtual-dtor"
+@@ -14819,6 +14823,7 @@ $as_echo "no" >&6; }
+
+ fi
+
++if false; then
+ cpu=`uname -m 2>/dev/null`
+ test -z "$cpu" && cpu=${host_cpu}
+ case "${host_cpu}" in
+@@ -14860,6 +14865,7 @@ $as_echo "no" >&6; }
+
+ ;;
+ esac
++fi
+ else
+
+ opt="-Wall"
diff --git a/SOURCES/djvulibre-3.5.27-buffer-overflow.patch b/SOURCES/djvulibre-3.5.27-buffer-overflow.patch
new file mode 100644
index 0000000..d8fe28d
--- /dev/null
+++ b/SOURCES/djvulibre-3.5.27-buffer-overflow.patch
@@ -0,0 +1,21 @@
+--- djvulibre-3.5.27/libdjvu/DjVmDir.cpp
++++ djvulibre-3.5.27/libdjvu/DjVmDir.cpp
+@@ -300,6 +300,9 @@ DjVmDir::decode(const GP &gs
+ memcpy((char*) strings+strings_size, buffer, length);
+ }
+ DEBUG_MSG("size of decompressed names block=" << strings.size() << "\n");
++ int strings_size=strings.size();
++ strings.resize(strings_size+3);
++ memset((char*) strings+strings_size, 0, 4);
+
+ // Copy names into the files
+ const char * ptr=strings;
+@@ -307,6 +310,8 @@ DjVmDir::decode(const GP &gs
+ {
+ GP file=files_list[pos];
+
++ if (ptr >= (const char*)strings + strings_size)
++ G_THROW( "DjVu document is corrupted (DjVmDir)" );
+ file->id=ptr;
+ ptr+=file->id.length()+1;
+ if (file->flags & File::HAS_NAME)
diff --git a/SOURCES/djvulibre-3.5.27-infinite-loop.patch b/SOURCES/djvulibre-3.5.27-infinite-loop.patch
new file mode 100644
index 0000000..015dd8f
--- /dev/null
+++ b/SOURCES/djvulibre-3.5.27-infinite-loop.patch
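Review bot: The padding arithmetic added to `DjVmDir::decode` is undocumented and reads as a one-byte overrun: `strings.resize(strings_size+3)` is followed by `memset((char*) strings+strings_size, 0, 4)`, which is only in bounds if `resize()` takes the new upper index rather than an element count, and that is not visible here. Once confirmed, I would put a comment above the three added lines, e.g. `// append 4 NUL bytes so every string read in the loop below terminates inside the buffer; resize() takes the upper bound`. The new `ptr >= (const char*)strings + strings_size` check guards only the `file->id=ptr` read; the loop body continues past the hunk, so whether the reads after `if (file->flags & File::HAS_NAME)` rely on this padding instead of a check of their own should be stated in the same comment.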
@@ -0,0 +1,46 @@
+From b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f Mon Sep 17 00:00:00 2001
+From: Leon Bottou
+Date: Tue, 26 Mar 2019 20:45:46 -0400
+Subject: [PATCH] fix for bug #297
+
+---
+ libdjvu/DjVmDir.cpp | 2 +-
+ libdjvu/GBitmap.cpp | 6 ++++--
+ 2 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/libdjvu/DjVmDir.cpp b/libdjvu/DjVmDir.cpp
+index 0a0fac6..5a49015 100644
+--- a/libdjvu/DjVmDir.cpp
++++ b/libdjvu/DjVmDir.cpp
+@@ -309,7 +309,7 @@ DjVmDir::decode(const GP &gstr)
+ GP file=files_list[pos];
+
+ if (ptr >= (const char*)strings + strings_size)
+- G_THROW( "DjVu document is corrupted (DjVmDir)" );
++ G_THROW( ByteStream::EndOfFile );
+ file->id=ptr;
+ ptr+=file->id.length()+1;
+ if (file->flags & File::HAS_NAME)
+diff --git a/libdjvu/GBitmap.cpp b/libdjvu/GBitmap.cpp
+index 0e487f0..c2fdbe4 100644
+--- a/libdjvu/GBitmap.cpp
++++ b/libdjvu/GBitmap.cpp
+@@ -890,11 +890,13 @@ GBitmap::read_rle_raw(ByteStream &bs)
+ int c = 0;
+ while (n >= 0)
+ {
+- bs.read(&h, 1);
++ if (bs.read(&h, 1) <= 0)
++ G_THROW( ByteStream::EndOfFile );
+ int x = h;
+ if (x >= (int)RUNOVERFLOWVALUE)
+ {
+- bs.read(&h, 1);
++ if (bs.read(&h, 1) <= 0)
++ G_THROW( ByteStream::EndOfFile );
+ x = h + ((x - (int)RUNOVERFLOWVALUE) << 8);
+ }
+ if (c+x > ncolumns)
+--
+2.23.0
+
diff --git a/SOURCES/djvulibre-3.5.27-null-dereference.patch b/SOURCES/djvulibre-3.5.27-null-dereference.patch
new file mode 100644
index 0000000..5e80f32
--- /dev/null
+++ b/SOURCES/djvulibre-3.5.27-null-dereference.patch
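Review bot: In the `DjVmDir::decode` part, the explicit `"DjVu document is corrupted (DjVmDir)"` message is replaced by `ByteStream::EndOfFile`, although the condition `ptr >= (const char*)strings + strings_size` describes a name table that ends too early, not a short read from the stream. If any caller treats `EndOfFile` as a tolerable truncation (not visible here), a malformed directory would be handled like a merely truncated file. A one-line comment above the throw would record that this is intended, e.g. `// name table ends before all file ids were read; reported as EndOfFile like other short-input cases`. The two `bs.read(&h, 1) <= 0` checks in `GBitmap::read_rle_raw` cover both previously unchecked reads; that loop continues outside the hunk.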
@@ -0,0 +1,39 @@
+From c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125 Mon Sep 17 00:00:00 2001
+From: Leon Bottou
+Date: Thu, 17 Oct 2019 22:20:31 -0400
+Subject: [PATCH 1/2] Fixed bug 309
+
+---
+ libdjvu/IW44EncodeCodec.cpp | 2 +-
+ tools/ddjvu.cpp | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libdjvu/IW44EncodeCodec.cpp b/libdjvu/IW44EncodeCodec.cpp
+index 00752a0..f81eaeb 100644
+--- a/libdjvu/IW44EncodeCodec.cpp
++++ b/libdjvu/IW44EncodeCodec.cpp
+@@ -405,7 +405,7 @@ filter_fv(short *p, int w, int h, int rowsize, int scale)
+ int y = 0;
+ int s = scale*rowsize;
+ int s3 = s+s+s;
+- h = ((h-1)/scale)+1;
++ h = (h>0) ? ((h-1)/scale)+1 : 0;
+ y += 1;
+ p += s;
+ while (y-3 < h)
+diff --git a/tools/ddjvu.cpp b/tools/ddjvu.cpp
+index 6d0df3b..7109952 100644
+--- a/tools/ddjvu.cpp
++++ b/tools/ddjvu.cpp
+@@ -279,7 +279,7 @@ render(ddjvu_page_t *page, int pageno)
+ prect.h = (ih * 100) / dpi;
+ }
+ /* Process aspect ratio */
+- if (flag_aspect <= 0)
++ if (flag_aspect <= 0 && iw>0 && ih>0)
+ {
+ double dw = (double)iw / prect.w;
+ double dh = (double)ih / prect.h;
+--
+2.23.0
+
diff --git a/SOURCES/djvulibre-3.5.27-out-of-bound-write.patch b/SOURCES/djvulibre-3.5.27-out-of-bound-write.patch
new file mode 100644
index 0000000..59071f0
--- /dev/null
+++ b/SOURCES/djvulibre-3.5.27-out-of-bound-write.patch
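Review bot: The added `iw>0 && ih>0` test in `render()` does not cover the divisors actually used, since `dw` and `dh` divide by `prect.w` and `prect.h`, and the context line `prect.h = (ih * 100) / dpi;` is an integer division that can yield 0 for a small positive `ih`. Being a floating-point division, this would produce an infinite ratio rather than a trap, and that value feeds whatever follows below the hunk. The condition could test the divisors directly: `if (flag_aspect <= 0 && iw>0 && ih>0 && prect.w>0 && prect.h>0)`. In `filter_fv` the new ternary handles `h <= 0`, but `scale` is still used as a divisor unchecked; if a caller can pass 0 (not visible here) it needs the same care. Both functions continue outside their hunks.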
@@ -0,0 +1,31 @@
+From 7b0ef20690e08f1fe124aebbf42f6310e2f40f81 Mon Sep 17 00:00:00 2001
+From: Leon Bottou
+Date: Thu, 27 Jun 2019 18:38:03 -0400
+Subject: [PATCH] Lizards!
+
+---
+ libdjvu/GString.cpp | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/libdjvu/GString.cpp b/libdjvu/GString.cpp
+index bf98bfe..b17ed2a 100644
+--- a/libdjvu/GString.cpp
++++ b/libdjvu/GString.cpp
+@@ -1216,11 +1216,11 @@ GP
+ GStringRep::getbuf(int n) const
+ {
+ GP retval;
+- if(n< 0)
++ if(n < 0)
+ n=strlen(data);
+- if(n>0)
++ if(n >= 0)
+ {
+- retval=blank(n);
++ retval=blank((n>0) ? n : 1);
+ char *ndata=retval->data;
+ strncpy(ndata,data,n);
+ ndata[n]=0;
+--
+2.31.1
+
diff --git a/SOURCES/djvulibre-3.5.27-stack-overflow.patch b/SOURCES/djvulibre-3.5.27-stack-overflow.patch
new file mode 100644
index 0000000..6798076
--- /dev/null
+++ b/SOURCES/djvulibre-3.5.27-stack-overflow.patch
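Review bot: After this change the guard `if(n >= 0)` in `GStringRep::getbuf` is effectively always true, because a negative `n` has just been replaced by `strlen(data)`; it can only fail if that `size_t` result does not fit in `int`, in which case `retval` is returned empty. The write `ndata[n]=0` is in bounds only if `blank(k)` reserves `k+1` bytes, which this hunk does not show. I would either drop the dead condition or keep it with a comment, and document the allocation assumption next to the call, e.g. `// blank(k) must provide k+1 bytes: ndata[n] is written below`. The function continues outside the hunk.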
@@ -0,0 +1,111 @@ +From e15d51510048927f172f1bf1f27ede65907d940d Mon Sep 17 00:00:00 2001 +From: Leon Bottou +Date: Mon, 8 Apr 2019 22:25:55 -0400 +Subject: bug 299 fixed + + +diff --git a/libdjvu/GContainer.h b/libdjvu/GContainer.h +index 96b067c..0140211 100644 +--- a/libdjvu/GContainer.h ++++ b/libdjvu/GContainer.h +@@ -550,52 +550,61 @@ public: + template void + GArrayTemplate::sort(int lo, int hi) + { +- if (hi <= lo) +- return; +- if (hi > hibound || lo hibound || lo=lo) && !(data[j]<=tmp)) +- data[j+1] = data[j]; +- data[j+1] = tmp; ++ for (int i=lo+1; i<=hi; i++) ++ { ++ int j = i; ++ TYPE tmp = data[i]; ++ while ((--j>=lo) && !(data[j]<=tmp)) ++ data[j+1] = data[j]; ++ data[j+1] = tmp; ++ } ++ return; + } +- return; +- } +- // -- determine suitable quick-sort pivot +- TYPE tmp = data[lo]; +- TYPE pivot = data[(lo+hi)/2]; +- if (pivot <= tmp) +- { tmp = pivot; pivot=data[lo]; } +- if (data[hi] <= tmp) +- { pivot = tmp; } +- else if (data[hi] <= pivot) +- { pivot = data[hi]; } +- // -- partition set +- int h = hi; +- int l = lo; +- while (l < h) +- { +- while (! (pivot <= data[l])) l++; +- while (! (data[h] <= pivot)) h--; +- if (l < h) ++ // -- determine median-of-three pivot ++ TYPE tmp = data[lo]; ++ TYPE pivot = data[(lo+hi)/2]; ++ if (pivot <= tmp) ++ { tmp = pivot; pivot=data[lo]; } ++ if (data[hi] <= tmp) ++ { pivot = tmp; } ++ else if (data[hi] <= pivot) ++ { pivot = data[hi]; } ++ // -- partition set ++ int h = hi; ++ int l = lo; ++ while (l < h) + { +- tmp = data[l]; +- data[l] = data[h]; +- data[h] = tmp; +- l = l+1; +- h = h-1; ++ while (! (pivot <= data[l])) l++; ++ while (! 
(data[h] <= pivot)) h--; ++ if (l < h) ++ { ++ tmp = data[l]; ++ data[l] = data[h]; ++ data[h] = tmp; ++ l = l+1; ++ h = h-1; ++ } ++ } ++ // -- recurse, small partition first ++ // tail-recursion elimination ++ if (h - lo <= hi - l) { ++ sort(lo,h); ++ lo = l; // sort(l,hi) ++ } else { ++ sort(l,hi); ++ hi = h; // sort(lo,h) + } + } +- // -- recursively restart +- sort(lo, h); +- sort(l, hi); + } + + template inline TYPE& diff --git a/SOURCES/djvulibre-3.5.27-zero-bytes-check.patch b/SOURCES/djvulibre-3.5.27-zero-bytes-check.patch new file mode 100644 index 0000000..958c3f8 --- /dev/null +++ b/SOURCES/djvulibre-3.5.27-zero-bytes-check.patch @@ -0,0 +1,28 @@ +From 9658b01431cd7ff6344d7787f855179e73fe81a7 Mon Sep 17 00:00:00 2001 +From: Leon Bottou +Date: Mon, 8 Apr 2019 22:55:38 -0400 +Subject: fix bug #298 + + +diff --git a/libdjvu/GBitmap.h b/libdjvu/GBitmap.h +index e8e0c9b..ca89a19 100644 +--- a/libdjvu/GBitmap.h ++++ b/libdjvu/GBitmap.h +@@ -566,7 +566,7 @@ GBitmap::operator[](int row) + { + if (!bytes) + uncompress(); +- if (row<0 || row>=nrows) { ++ if (row<0 || row>=nrows || !bytes) { + #ifndef NDEBUG + if (zerosize < bytes_per_row + border) + G_THROW( ERR_MSG("GBitmap.zero_small") ); +@@ -581,7 +581,7 @@ GBitmap::operator[](int row) const + { + if (!bytes) + ((GBitmap*)this)->uncompress(); +- if (row<0 || row>=nrows) { ++ if (row<0 || row>=nrows || !bytes) { + #ifndef NDEBUG + if (zerosize < bytes_per_row + border) + G_THROW( ERR_MSG("GBitmap.zero_small") );
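Review bot: The pivot in the rewritten `GArrayTemplate::sort` is still read as `data[(lo+hi)/2]`, where the `int` sum can overflow for very large index ranges; `data[lo+(hi-lo)/2]` avoids that. The depth bound this change relies on also deserves a fuller comment than `// tail-recursion elimination`, for example `// recurse only into the smaller partition and loop on the larger one, so recursion depth stays O(log n)`. Part of this hunk (the bounds check and the header of the enclosing loop) is not legible in this view, so the loop's exit condition could not be checked.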
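Review bot: The added `!bytes` case in both `GBitmap::operator[]` overloads sends more inputs into the fallback branch, but the size check there, `if (zerosize < bytes_per_row + border) G_THROW( ERR_MSG("GBitmap.zero_small") );`, sits inside `#ifndef NDEBUG` and so is compiled out of release builds. If the rest of the branch returns a pointer into a shared zero buffer (it lies outside the hunk), a release build could hand out a row shorter than `bytes_per_row + border` for a bitmap whose `bytes` is still null after `uncompress()`. I would move that check out of the `#ifndef NDEBUG` block so that it applies in every build.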