splash/Splash.cc | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-)
New commits: commit 8bc5acb1c18e77e912b7d9caa7f73e6969d1dede Author: Albert Astals Cid <[email protected]> Date: Thu Jul 19 17:55:13 2018 +0200 Splash::arbitraryTransformMask: Set clipRes to splashClipPartial in some if branches If xx or yy are not in the expected bounds something went wrong so don't assume we're still inside the valid area for the destination either fixes oss-fuzz/9382 diff --git a/splash/Splash.cc b/splash/Splash.cc index 90cdf126..1cd7fb22 100644 --- a/splash/Splash.cc +++ b/splash/Splash.cc @@ -3270,15 +3270,19 @@ void Splash::arbitraryTransformMask(SplashImageMaskSource src, void *srcData, ((SplashCoord)y + 0.5 - mat[5]) * ir11); // xx should always be within bounds, but floating point // inaccuracy can cause problems - if (xx < 0) { + if (unlikely(xx < 0)) { xx = 0; - } else if (xx >= scaledWidth) { + clipRes2 = splashClipPartial; + } else if (unlikely(xx >= scaledWidth)) { xx = scaledWidth - 1; + clipRes2 = splashClipPartial; } - if (yy < 0) { + if (unlikely(yy < 0)) { yy = 0; - } else if (yy >= scaledHeight) { + clipRes2 = splashClipPartial; + } else if (unlikely(yy >= scaledHeight)) { yy = scaledHeight - 1; + clipRes2 = splashClipPartial; } pipe.shape = scaledMask->data[yy * scaledWidth + xx]; if (vectorAntialias && clipRes2 != splashClipAllInside) { _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
