CMakeLists.txt | 5 +++++ fofi/FoFiTrueType.cc | 15 +++++++++++++-- poppler/SplashOutputDev.cc | 4 ++-- splash/Splash.cc | 10 +++++++++- splash/SplashBitmap.cc | 4 ++-- 5 files changed, 31 insertions(+), 7 deletions(-)
New commits: commit cdb7ad95f7c8fbf63ade040d8a07ec96467042fc Author: Albert Astals Cid <[email protected]> Date: Sat Feb 7 22:21:16 2015 +0100 Fix malformed file crash in bug #85243
diff --git a/fofi/FoFiTrueType.cc b/fofi/FoFiTrueType.cc
index 2d65536..6ab8f9b 100644
--- a/fofi/FoFiTrueType.cc
+++ b/fofi/FoFiTrueType.cc
@@ -16,7 +16,7 @@
 // Copyright (C) 2006 Takashi Iwai <[email protected]>
 // Copyright (C) 2007 Koji Otani <[email protected]>
 // Copyright (C) 2007 Carlos Garcia Campos <[email protected]>
-// Copyright (C) 2008, 2009, 2012, 2014 Albert Astals Cid <[email protected]>
+// Copyright (C) 2008, 2009, 2012, 2014, 2015 Albert Astals Cid <[email protected]>
 // Copyright (C) 2008 Tomas Are Haavet <[email protected]>
 // Copyright (C) 2012 Suzuki Toshiya <[email protected]>
 // Copyright (C) 2012 Adrian Johnson <[email protected]>
@@ -39,6 +39,7 @@
 #include <algorithm>
 #include "goo/gtypes.h"
 #include "goo/gmem.h"
+#include "goo/GooLikely.h"
 #include "goo/GooString.h"
 #include "goo/GooHash.h"
 #include "FoFiType1C.h"
@@ -937,7 +938,7 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc,
 GBool ok;
 Guint checksum;
 int nNewTables;
- int glyfTableLen, length, pos, glyfPos, i, j, k;
+ int glyfTableLen, length, pos, glyfPos, i, j, k, vmtxTabLength;
 Guchar vheaTab[36] = {
 0, 1, 0, 0, // table version number
 0, 0, // ascent
@@ -1048,6 +1049,7 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc,
 }
 }
 vmtxTab = NULL; // make gcc happy
+ vmtxTabLength = 0;
 advance = 0; // make gcc happy
 if (needVerticalMetrics) {
 needVhea = seekTable("vhea") < 0;
@@ -1105,6 +1107,7 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc,
 checksum = computeTableChecksum(vheaTab, length);
 } else if (needVerticalMetrics && i == t42VmtxTable) {
 length = 4 + (nGlyphs - 1) * 2;
+ vmtxTabLength = length;
 vmtxTab = (Guchar *)gmalloc(length);
 vmtxTab[0] = advance / 256;
 vmtxTab[1] = advance % 256;
@@ -1219,8 +1222,16 @@ void FoFiTrueType::cvtSfnts(FoFiOutputFunc outputFunc,
 dumpString(file + tables[j].offset, tables[j].len, outputFunc, outputStream);
 } else if (needVerticalMetrics && i == t42VheaTable) {
+ if (unlikely(length >= (int)sizeof(vheaTab))) {
+ error(errSyntaxWarning, -1, "length bigger than vheaTab size");
+ length = sizeof(vheaTab) - 1;
+ }
 dumpString(vheaTab, length, outputFunc, outputStream);
 } else if (needVerticalMetrics && i == t42VmtxTable) {
+ if (unlikely(length >= vmtxTabLength)) {
+ error(errSyntaxWarning, -1, "length bigger than vmtxTab size");
+ length = vmtxTabLength - 1;
+ }
 dumpString(vmtxTab, length, outputFunc, outputStream);
 }
 }
commit 6641b935e1fc0c4151a723b6b476d987b8324ed2 Author: Albert Astals Cid <[email protected]> Date: Sat Feb 7 21:58:23 2015 +0100 If ECM is around include the sanitizers module This way you can run cmake -DECM_ENABLE_SANITIZERS='address' and get an ASAN built poppler
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 7d34c69..2c67b0b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -16,6 +16,11 @@ test_big_endian(WORDS_BIGENDIAN)
 include(CheckFileOffsetBits)
 CHECK_FILE_OFFSET_BITS()
+find_package (ECM 1.6.0 QUIET NO_MODULE)
+if (ECM_FOUND)
+ include("${ECM_MODULE_DIR}/ECMEnableSanitizers.cmake")
+endif()
+
 set(POPPLER_MAJOR_VERSION "0")
 set(POPPLER_MINOR_VERSION "31")
 set(POPPLER_MICRO_VERSION "0")
commit 92e41685dcef538a7fc669ca357ce9f448a8078e Author: Albert Astals Cid <[email protected]> Date: Sat Feb 7 21:54:39 2015 +0100 Fix crash in malformed file from bug #85275
diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
index 97af5c4..6640ab5 100644
--- a/poppler/SplashOutputDev.cc
+++ b/poppler/SplashOutputDev.cc
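Review bot: In fofi/FoFiTrueType.cc, both new guards in cvtSfnts compare with `>=` and clamp to one byte below the buffer size, so a `length` that exactly matches the buffer is reported as a syntax warning and dumped one byte short. The earlier hunk sets `vmtxTabLength = length` just before `gmalloc(length)`, so `vmtxTab` holds exactly `vmtxTabLength` bytes; assuming dumpString reads exactly `length` bytes (its body is not shown), the tight bound is `if (unlikely(length > vmtxTabLength))` with `length = vmtxTabLength;`, and likewise `length > (int)sizeof(vheaTab)` with `length = sizeof(vheaTab);`. If `length` here is the value recorded when the table was built, the current form would also fire on well-formed fonts. Separately, when `vmtxTabLength` is still 0 the clamp calls dumpString with `vmtxTab == NULL` and `length == -1`, so the guard should also test `vmtxTab`. The enclosing if/else chain starts outside the hunk.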
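Review bot: The new block in CMakeLists.txt carries no comment saying what it enables; the usage is recorded only in the commit message. A line above `find_package` such as `# Optional: with ECM >= 1.6.0, -DECM_ENABLE_SANITIZERS='address' gives an ASan build` would keep that visible to anyone triaging malformed-file crashes. Because the lookup is `QUIET`, a machine without ECM configures without the sanitizer module, so an `else()` branch with a short `message(STATUS ...)` would help avoid mistaking an uninstrumented build for a sanitized one.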
@@ -4048,8 +4048,8 @@ void SplashOutputDev::setSoftMask(GfxState *state, double *bbox,
 p = softMask->getDataPtr() + ty * softMask->getRowSize() + tx;
 int xMax = tBitmap->getWidth();
 int yMax = tBitmap->getHeight();
- if (xMax + tx > bitmap->getWidth()) xMax = bitmap->getWidth() - tx;
- if (yMax + ty > bitmap->getHeight()) yMax = bitmap->getHeight() - ty;
+ if (xMax > bitmap->getWidth() - tx) xMax = bitmap->getWidth() - tx;
+ if (yMax > bitmap->getHeight() - ty) yMax = bitmap->getHeight() - ty;
 for (y = 0; y < yMax; ++y) {
 for (x = 0; x < xMax; ++x) {
 if (alpha) {
diff --git a/splash/Splash.cc b/splash/Splash.cc
index fde272a..142516f 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -11,7 +11,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2005-2014 Albert Astals Cid <[email protected]>
+// Copyright (C) 2005-2015 Albert Astals Cid <[email protected]>
 // Copyright (C) 2005 Marco Pesenti Gritti <[email protected]>
 // Copyright (C) 2010-2014 Thomas Freitag <[email protected]>
 // Copyright (C) 2010 Christian Feuersänger <[email protected]>
@@ -5214,6 +5214,10 @@ SplashError Splash::composite(SplashBitmap *src, int xSrc, int ySrc,
 return splashErrModeMismatch;
 }
+ if (unlikely(!bitmap->data)) {
+ return splashErrZeroImage;
+ }
+
 if(src->getSeparationList()->getLength() > bitmap->getSeparationList()->getLength()) {
 for (x = bitmap->getSeparationList()->getLength(); x < src->getSeparationList()->getLength(); x++)
 bitmap->getSeparationList()->append(((GfxSeparationColorSpace *)src->getSeparationList()->get(x))->copy());
@@ -5783,6 +5787,10 @@ SplashError Splash::blitTransparent(SplashBitmap *src, int xSrc, int ySrc,
 return splashErrModeMismatch;
 }
+ if (unlikely(!bitmap->data)) {
+ return splashErrZeroImage;
+ }
+
 switch (bitmap->mode) {
 case splashModeMono1:
 for (y = 0; y < h; ++y) {
diff --git a/splash/SplashBitmap.cc b/splash/SplashBitmap.cc
index ac344f1..e886683 100644
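Review bot: In SplashOutputDev::setSoftMask the rewritten comparisons bound only the upper edge, while `p = softMask->getDataPtr() + ty * softMask->getRowSize() + tx;` on the context line above is still computed before any check on `tx` and `ty`. If either can be negative or past the bitmap for a malformed file (their computation is outside the hunk), `p` starts outside the soft-mask buffer, and a negative `tx` also leaves `xMax` at the full `tBitmap` width. A guard ahead of the pointer arithmetic, for example `if (tx < 0 || ty < 0 || tx >= bitmap->getWidth() || ty >= bitmap->getHeight())` followed by skipping the copy, or clamping the start offsets instead, would cover that side. The function body starts and ends outside the hunk.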
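Review bot: The new guard in Splash::composite, and the identical one in Splash::blitTransparent, tests only the destination `bitmap->data`; `src` is not checked in the visible lines. If a source SplashBitmap can end up without a data buffer the same way the destination can, extending the test to `if (unlikely(!bitmap->data || !src->data))` would cover both, though whether these functions read `src->data` directly is outside the hunks and should be confirmed first. A one-line comment above each guard, such as `// malformed files can leave the bitmap without a data buffer (bug #85275)`, would record why it exists. Both function bodies continue outside their hunks.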
--- a/splash/SplashBitmap.cc
+++ b/splash/SplashBitmap.cc
@@ -11,7 +11,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2006, 2009, 2010, 2012 Albert Astals Cid <[email protected]>
+// Copyright (C) 2006, 2009, 2010, 2012, 2015 Albert Astals Cid <[email protected]>
 // Copyright (C) 2007 Ilmari Heikkinen <[email protected]>
 // Copyright (C) 2009 Shen Liang <[email protected]>
 // Copyright (C) 2009 Stefan Thomas <[email protected]>
@@ -275,7 +275,7 @@ SplashError SplashBitmap::writeAlphaPGMFile(char *fileName) {
 void SplashBitmap::getPixel(int x, int y, SplashColorPtr pixel) {
 SplashColorPtr p;
- if (y < 0 || y >= height || x < 0 || x >= width) {
+ if (y < 0 || y >= height || x < 0 || x >= width || !data) {
 return;
 }
 switch (mode) {
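Review bot: With `|| !data` added, SplashBitmap::getPixel also returns without writing to `pixel` when the bitmap has no buffer, and because the function is `void` the caller cannot tell that nothing was stored. A caller that reads `pixel` afterwards sees whatever the array held before the call, which may be uninitialised memory. Document the contract above the function, e.g. `// Leaves pixel untouched if (x, y) is out of range or the bitmap has no data; callers must initialise it first.`, or consider zero-filling `pixel` on the early-return path. The function body continues outside the hunk.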
