Bug#924029: poppler: diff for NMU version 0.71.0-4.1

Sat, 25 May 2019 10:00:43 -0700 

Control: tags 924029 + pending patch

Dear maintainer,

I've prepared an NMU for poppler (versioned as 0.71.0-4.1) and
uploaded it to DELAYED/2. Please feel free to tell me if I
should delay it longer.

Regards.


-- 
Jonathan Wiltshire                                      j...@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51


diff -Nru poppler-0.71.0/debian/changelog poppler-0.71.0/debian/changelog
--- poppler-0.71.0/debian/changelog	2019-05-23 21:18:49.000000000 +0100
+++ poppler-0.71.0/debian/changelog	2019-05-25 17:10:35.000000000 +0100
@@ -1,3 +1,11 @@
+poppler (0.71.0-4.1) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Prevent a crash due to null pointer dereferencing in
+    goo/GooString.h (Closes: #924029)
+
+ -- Jonathan Wiltshire <j...@debian.org>  Sat, 25 May 2019 17:10:35 +0100
+
 poppler (0.71.0-4) unstable; urgency=medium
 
   * CVE-2018-16646 (Closes: #909802)
diff -Nru poppler-0.71.0/debian/patches/bug924029-goostring-null-pointers.patch poppler-0.71.0/debian/patches/bug924029-goostring-null-pointers.patch
--- poppler-0.71.0/debian/patches/bug924029-goostring-null-pointers.patch	1970-01-01 01:00:00.000000000 +0100
+++ poppler-0.71.0/debian/patches/bug924029-goostring-null-pointers.patch	2019-05-25 17:09:50.000000000 +0100
@@ -0,0 +1,97 @@
+Subject: Make GooString constructible and assignable from null pointers again
+ since some of the code expects it.
+Origin: https://gitlab.freedesktop.org/poppler/poppler/commit/8f158da92c53ae16a368f844965f57ba8ffed77d
+Bug: https://gitlab.freedesktop.org/poppler/poppler/commit/8f158da92c53ae16a368f844965f57ba8ffed77d
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924029
+Reviewed-by: Jonathan Wiltshire <j...@debian.org>
+Applied-Upstream: yes
+Last-Update: 2019-05-25
+
+--- poppler-0.71.0.orig/goo/GooString.h
++++ poppler-0.71.0/goo/GooString.h
+@@ -60,7 +60,7 @@
+   GooString& operator=(const GooString &other) = delete;
+ 
+   // Create a string from a C string.
+-  explicit GooString(const char *sA) : std::string(sA) {}
++  explicit GooString(const char *sA) : std::string(sA ? sA : "") {}
+ 
+   // Zero-cost conversion from and to std::string
+   explicit GooString(const std::string& str) : std::string(str) {}
+@@ -70,18 +70,18 @@
+ 
+   // Create a string from <lengthA> chars at <sA>.  This string
+   // can contain null characters.
+-  GooString(const char *sA, int lengthA) : std::string(sA, lengthA) {}
++  GooString(const char *sA, int lengthA) : std::string(sA ? sA : "", sA ? lengthA : 0) {}
+ 
+   // Create a string from <lengthA> chars at <idx> in <str>.
+   GooString(const GooString *str, int idx, int lengthA) : std::string(*str, idx, lengthA) {}
+ 
+   // Set content of a string to <newStr>.
+-  GooString* Set(const GooString *newStr) { assign(*newStr); return this; }
+-  GooString* Set(const char *newStr) { assign(newStr); return this; }
+-  GooString* Set(const char *newStr, int newLen) { assign(newStr, newLen); return this; }
++  GooString* Set(const GooString *newStr) { assign(newStr ? static_cast<const std::string&>(*newStr) : std::string{}); return this; }
++  GooString* Set(const char *newStr) { assign(newStr ? newStr : ""); return this; }
++  GooString* Set(const char *newStr, int newLen) { assign(newStr ? newStr : "", newStr ? newLen : 0); return this; }
+ 
+   // Copy a string.
+-  explicit GooString(const GooString *str) : std::string(*str) {}
++  explicit GooString(const GooString *str) : std::string(str ? static_cast<const std::string&>(*str) : std::string{}) {}
+   GooString *copy() const { return new GooString(this); }
+ 
+   // Concatenate two strings.
+--- poppler-0.71.0.orig/qt5/tests/check_goostring.cpp
++++ poppler-0.71.0/qt5/tests/check_goostring.cpp
+@@ -11,6 +11,7 @@
+     void testInsertData();
+     void testInsert();
+     void testFormat();
++    void testFromNullptr();
+ };
+ 
+ void TestGooString::testInsertData_data()
+@@ -122,6 +123,42 @@
+     }
+ }
+ 
++void TestGooString::testFromNullptr()
++{
++  {
++    GooString str{static_cast<const GooString*>(nullptr)};
++    QCOMPARE(str.getLength(), 0);
++  }
++
++  {
++    GooString str;
++    str.Set(static_cast<const GooString*>(nullptr));
++    QCOMPARE(str.getLength(), 0);
++  }
++
++  {
++    GooString str{static_cast<const char*>(nullptr)};
++    QCOMPARE(str.getLength(), 0);
++  }
++
++  {
++    GooString str{static_cast<const char*>(nullptr), 0};
++    QCOMPARE(str.getLength(), 0);
++  }
++
++  {
++    GooString str;
++    str.Set(static_cast<const char*>(nullptr));
++    QCOMPARE(str.getLength(), 0);
++  }
++
++  {
++    GooString str;
++    str.Set(static_cast<const char*>(nullptr), 0);
++    QCOMPARE(str.getLength(), 0);
++  }
++}
++
+ QTEST_GUILESS_MAIN(TestGooString)
+ #include "check_goostring.moc"
+ 
diff -Nru poppler-0.71.0/debian/patches/series poppler-0.71.0/debian/patches/series
--- poppler-0.71.0/debian/patches/series	2019-05-23 21:18:49.000000000 +0100
+++ poppler-0.71.0/debian/patches/series	2019-05-25 17:03:52.000000000 +0100
@@ -11,3 +11,4 @@
 CVE-2019-9200.patch
 CVE-2019-9631.patch
 CVE-2019-10873.patch
+bug924029-goostring-null-pointers.patch

Reply via email to