Hi guys, i've got more "secret files" crashers. This patch files a crash in
one called 1026.asan.0.42.pdf
Thomas, guys, can you verify it makes sense? It makes to me, but more eyes
better.
Cheers,
Albert
diff --git a/splash/Splash.cc b/splash/Splash.cc
index bc7d79f..d5aec8f 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -5418,6 +5420,7 @@ GBool Splash::gouraudTriangleShadedFill(SplashGouraudColor *shading)
SplashClip* clip = getClip();
SplashBitmap *blitTarget = bitmap;
SplashColorPtr bitmapData = bitmap->getDataPtr();
+ int bitmapOffLimit = bitmap->getHeight() * bitmap->getRowSize();
SplashColorPtr bitmapAlpha = bitmap->getAlphaPtr();
SplashColorPtr cur = NULL;
SplashCoord* userToCanvasMatrix = getMatrix();
@@ -5650,7 +5653,7 @@ GBool Splash::gouraudTriangleShadedFill(SplashGouraudColor *shading)
colorinterp = scanColorMap[0] * scanLimitL + scanColorMap[1];
bitmapOff = scanLineOff + scanLimitL * colorComps;
- for (int X = scanLimitL; X <= scanLimitR; ++X, colorinterp += scanColorMap[0], bitmapOff += colorComps) {
+ for (int X = scanLimitL; X <= scanLimitR && bitmapOff + colorComps <= bitmapOffLimit; ++X, colorinterp += scanColorMap[0], bitmapOff += colorComps) {
// FIXME : standard rectangular clipping can be done for a
// complete scanline which is faster
// --> see SplashClip and its methods
_______________________________________________
poppler mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/poppler
