From 968ba22f93ff6dbd11e807e9922031317d6f48fb Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Date: Sun, 6 Nov 2022 14:38:21 +0100
Subject: [PATCH] package/mupdf: fix CVE-2021-4216

A Floating point exception (division-by-zero) flaw was found in Mupdf
for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1
upstream.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 3ddca0ccb90967977c2db8c966c205568cf4cb93)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...ero-for-zero-width-pages-in-muraster.patch | 29 +++++++++++++++++++
 package/mupdf/mupdf.mk                        |  3 ++
 2 files changed, 32 insertions(+)
 create mode 100644 package/mupdf/0005-Bug-704834-Fix-division-by-zero-for-zero-width-pages-in-muraster.patch

diff --git a/package/mupdf/0005-Bug-704834-Fix-division-by-zero-for-zero-width-pages-in-muraster.patch b/package/mupdf/0005-Bug-704834-Fix-division-by-zero-for-zero-width-pages-in-muraster.patch
new file mode 100644
index 0000000000..099a3fdbab
--- /dev/null
+++ b/package/mupdf/0005-Bug-704834-Fix-division-by-zero-for-zero-width-pages-in-muraster.patch
@@ -0,0 +1,29 @@
+From 22c47acbd52949421f8c7cb46ea1556827d0fcbf Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Tue, 18 Jan 2022 20:33:10 +0100
+Subject: [PATCH] Bug 704834: Fix division by zero for zero width pages in
+ muraster.
+
+[Retrieved from:
+https://github.com/ArtifexSoftware/mupdf/commit/22c47acbd52949421f8c7cb46ea1556827d0fcbf]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+---
+ source/tools/muraster.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/source/tools/muraster.c b/source/tools/muraster.c
+index c2ceb62f2e..97f4ae2633 100644
+--- a/source/tools/muraster.c
++++ b/source/tools/muraster.c
+@@ -1003,8 +1003,9 @@ initialise_banding(fz_context *ctx, render_details *render, int color)
+ 
+ 	w = render->ibounds.x1 - render->ibounds.x0;
+ 	min_band_mem = (size_t)bpp * w * min_band_height;
+-	reps = (int)(max_band_memory / min_band_mem);
+-	if (reps < 1)
++	if (min_band_mem > 0)
++		reps = (int)(max_band_memory / min_band_mem);
++	if (min_band_mem == 0 || reps < 1)
+ 		reps = 1;
+ 
+ 	/* Adjust reps to even out the work between threads */
diff --git a/package/mupdf/mupdf.mk b/package/mupdf/mupdf.mk
index 56ea7cc507..e86ba1e73f 100644
--- a/package/mupdf/mupdf.mk
+++ b/package/mupdf/mupdf.mk
@@ -28,6 +28,9 @@ MUPDF_IGNORE_CVES += CVE-2021-3407
 # 0003-Bug-703791-Stay-within-hash-table-max-key-size-in-cached-color-converter.patch
 MUPDF_IGNORE_CVES += CVE-2021-37220
 
+# 0005-Bug-704834-Fix-division-by-zero-for-zero-width-pages-in-muraster.patch
+MUPDF_IGNORE_CVES += CVE-2021-4216
+
 # The pkg-config name for gumbo-parser is `gumbo`.
 MUPDF_PKG_CONFIG_PACKAGES = \
 	freetype2 \