poppler/GfxState.cc | 4 ++++
1 file changed, 4 insertions(+)
New commits:
commit 7e2189377bfaa0594e25eaba26aca47bea59f315
Author: Albert Astals Cid <[email protected]>
Date: Fri May 25 17:47:07 2018 +0200
GfxGouraudTriangleShading::parse: Add bounds check for compBits
The spec is much more strict on what is valid, but i'm only doing a check
so that the code doesn't break
diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index 71ab480b..d459e73f 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4793,6 +4793,10 @@ GfxGouraudTriangleShading
*GfxGouraudTriangleShading::parse(GfxResources *res, i
error(errSyntaxWarning, -1, "Missing or invalid BitsPerComponent in
shading dictionary");
return nullptr;
}
+ if (unlikely(compBits <= 0 || compBits > 31)) {
+ error(errSyntaxWarning, -1, "Invalid BitsPerComponent in shading
dictionary");
+ return nullptr;
+ }
flagBits = vertsPerRow = 0; // make gcc happy
if (typeA == 4) {
obj1 = dict->lookup("BitsPerFlag");
_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler
