poppler/GfxState.cc | 12 ++++++------ poppler/JBIG2Stream.cc | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-)
New commits: commit 8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9 Author: Albert Astals Cid <[email protected]> Date: Wed Jun 21 00:56:38 2017 +0200 Fix crash in malformed documents diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc index e6cd329b..f61f8124 100644 --- a/poppler/GfxState.cc +++ b/poppler/GfxState.cc @@ -4034,18 +4034,18 @@ GfxUnivariateShading::~GfxUnivariateShading() { void GfxUnivariateShading::getColor(double t, GfxColor *color) { double out[gfxColorMaxComps]; - int i, nComps; + int i; + + // NB: there can be one function with n outputs or n functions with + // one output each (where n = number of color components) + const int nComps = nFuncs * funcs[0]->getOutputSize(); - if (unlikely(nFuncs < 1)) { + if (unlikely(nFuncs < 1 || nComps > gfxColorMaxComps)) { for (int i = 0; i < gfxColorMaxComps; i++) color->c[i] = 0; return; } - // NB: there can be one function with n outputs or n functions with - // one output each (where n = number of color components) - nComps = nFuncs * funcs[0]->getOutputSize(); - if (cacheSize > 0) { double x, ix, *l, *u, *upper; commit a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc Author: Albert Astals Cid <[email protected]> Date: Wed Jun 21 00:55:20 2017 +0200 Fix crash in malformed documents diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index 48535883..d89108c8 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -896,7 +896,7 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, oneByte = x0 == ((x1 - 1) & ~7); for (yy = y0; yy < y1; ++yy) { - if (unlikely(y + yy) >= h) + if (unlikely((y + yy >= h) || (y + yy < 0))) continue; // one byte per line -- need to mask both left and right side _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
