guix/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
Marius Bakke af8c7e1014
gnu: mupdf: Fix CVE-2016-{10132,10133} in bundled mujs.
* gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch,
gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/pdf.scm (mupdf)[replacement]: New field.
(mupdf/fixed): New variable.

Co-authored-by: Leo Famulari <leo@famulari.name>
2017-01-15 20:24:30 -05:00

36 lines
1.1 KiB
Diff

Fix CVE-2016-10133:
https://bugs.ghostscript.com/show_bug.cgi?id=697401
http://seclists.org/oss-sec/2017/q1/74
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133
Patch lifted from upstream source repository:
https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24
From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001
From: Tor Andersson <tor.andersson@gmail.com>
Date: Thu, 12 Jan 2017 14:47:01 +0100
Subject: [PATCH] Fix 697401: Error when dropping extra arguments to
lightweight functions.
---
thirdparty/mujs/jsrun.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c
index ee80845..782a6f9 100644
--- a/thirdparty/mujs/jsrun.c
+++ b/thirdparty/mujs/jsrun.c
@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen
jsR_savescope(J, scope);
if (n > F->numparams) {
- js_pop(J, F->numparams - n);
+ js_pop(J, n - F->numparams);
n = F->numparams;
}
for (i = n; i < F->varlen; ++i)
--
2.9.1