splash/SplashXPathScanner.cc | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
New commits: commit 8dbe2e6c480405dab9347075cf4be626f90f1d05 Author: Albert Astals Cid <[email protected]> Date: Wed Apr 3 18:02:42 2019 +0200 SplashXPathScanner::clipAALine: Fix crash on broken file Make sure the index of allIntersections we access is valid Fixes #748 diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc index 8362a6a5..23b4f7c4 100644 --- a/splash/SplashXPathScanner.cc +++ b/splash/SplashXPathScanner.cc @@ -452,7 +452,10 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBuf, for (yy = 0; yy < splashAASize; ++yy) { xx = *x0 * splashAASize; if (yy >= yyMin && yy <= yyMax) { - const auto& line = allIntersections[splashAASize * y + yy - yMin]; + const int intersectionIndex = splashAASize * y + yy - yMin; + if (unlikely(intersectionIndex < 0 || (unsigned)intersectionIndex >= allIntersections.size())) + break; + const auto& line = allIntersections[intersectionIndex]; interIdx = 0; interCount = 0; while (interIdx < line.size() && xx < (*x1 + 1) * splashAASize) { _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
