calibre

Podofo ABI breakage in 0.9.6

Bug #1791430 reported by Jelle van der Waa
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
calibre
Fix Released
Undecided
Unassigned

Bug Description

Arch is updating podofo to 0.9.6 which fixes a couple of important CVE issues. Sadly this release breaks their own ABI. I haven't found all ABI breakages yet but one issue is that the loading has changed of documents:

diff -aur podofo-0.9.5/tools/podofoxmp/podofoxmp.cpp podofo-0.9.6/tools/podofoxmp/podofoxmp.cpp
--- podofo-0.9.5/tools/podofoxmp/podofoxmp.cpp 2016-11-18 20:08:56.000000000 +0100
+++ podofo-0.9.6/tools/podofoxmp/podofoxmp.cpp 2017-07-21 07:31:07.000000000 +0200
@@ -61,7 +61,7 @@
             istream_iterator<char> end;
             string buffer(it, end);
             doc = new PoDoFo::PdfMemDocument();
- doc->Load( buffer.c_str(), (long)buffer.size() );
+ doc->LoadFromBuffer( buffer.c_str(), (long)buffer.size() );
         }
         else
         {

Revision history for this message
Jelle van der Waa (jelle-vdwaa) wrote :

I've used this patch to resolve the ABI breakage, but it would need some work to be backwards compatible.

Revision history for this message
Kovid Goyal (kovid) wrote : Fixed in master

Fixed in branch master. The fix will be in the next release. calibre is usually released every alternate Friday.

 status fixreleased

Changed in calibre:
status: New → Fix Released
Revision history for this message
Kovid Goyal (kovid) wrote :

Your patch does not look correct, the second case has to load from a file not a buffer. I dont know the right method name there so I have inserted LoadFromFile -- I'll fix it to be correct when I have a moment to downoad podofo 0.9.6

Revision history for this message
Kovid Goyal (kovid) wrote :

proper fix is committed, with a test as well.

Revision history for this message
Kovid Goyal (kovid) wrote :

Oh and thanks for the heads up.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.