poppler/GfxState.cc | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit fef32ba463a225618a967c541d939fd69e02f2dd
Author: Albert Astals Cid <[email protected]>
Date: Fri May 25 17:42:22 2018 +0200
GfxPatchMeshShading::parse: Add bounds check for compBits
The spec is much more strict on what is valid, but i'm only doing a check
so that the code doesn't break
fixes oss-fuzz/8445
diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index 07da59a7..71ab480b 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -5145,6 +5145,10 @@ GfxPatchMeshShading
*GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
error(errSyntaxWarning, -1, "Missing or invalid BitsPerComponent in
shading dictionary");
return nullptr;
}
+ if (unlikely(compBits <= 0 || compBits > 31)) {
+ error(errSyntaxWarning, -1, "Invalid BitsPerComponent in shading
dictionary");
+ return nullptr;
+ }
obj1 = dict->lookup("BitsPerFlag");
if (obj1.isInt()) {
flagBits = obj1.getInt();
_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler
