splash/Splash.cc | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
New commits:
commit 2d6ba9b1483cd4ae7f90d2f7ddef5a08cc3082a2
Author: Albert Astals Cid <[email protected]>
Date: Tue Oct 30 00:11:06 2018 +0100
Fix crash if document is malformed (too wide) oss-fuzz/11195
diff --git a/splash/Splash.cc b/splash/Splash.cc
index 7964da39..bce1015b 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -3337,7 +3337,12 @@ void Splash::scaleMaskYdXd(SplashImageMaskSource src, void *srcData,
  // allocate buffers
  lineBuf = (Guchar *)gmalloc(srcWidth);
- pixBuf = (Guint *)gmallocn(srcWidth, sizeof(int));
+ pixBuf = (Guint *)gmallocn_checkoverflow(srcWidth, sizeof(int));
+ if (unlikely(!pixBuf)) {
+ error(errInternal, -1, "Couldn't allocate memory for pixBux in Splash::scaleMaskYdXd");
+ gfree(lineBuf);
+ return;
+ }
  // init y scale Bresenham
  yt = 0;
_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler
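Review bot: The early `return` in the new `if (unlikely(!pixBuf))` branch gives the caller no sign that scaling was skipped, because scaleMaskYdXd is `void`. Whatever output bitmap the function was meant to fill is presumably left unwritten on this path, and if it was not zero-initialised, later compositing would read indeterminate memory. It is worth confirming at the call site that the output is cleared or discarded after a failure, and documenting the contract above the return with a comment such as `// output is left unwritten on this path; the caller must not consume it`. The error string also misspells the variable and should read `"Couldn't allocate memory for pixBuf in Splash::scaleMaskYdXd"`. The function body starts and ends outside the hunk, so neither the output handling nor the validation of `srcWidth` before the unchecked `gmalloc(srcWidth)` is visible here.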
