poppler/GfxState.cc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
New commits:
commit 37659c01087eb8b25a5a593268f1acf52e6624f7
Author: Albert Astals Cid <[email protected]>
Date: Thu Jul 4 11:06:24 2019 +0200
Account for verticesA possible overflow in GfxGouraudTriangleShading::parse fixes oss-fuzz file abort
diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index a562a6ce..33d2aaf4 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4877,7 +4877,13 @@ GfxGouraudTriangleShading *GfxGouraudTriangleShading::parse(GfxResources *res, i
 int oldVertSize = vertSize;
 vertSize = (vertSize == 0) ? 16 : 2 * vertSize;
 verticesA = (GfxGouraudVertex *)
- greallocn(verticesA, vertSize, sizeof(GfxGouraudVertex));
+ greallocn_checkoverflow(verticesA, vertSize, sizeof(GfxGouraudVertex));
+ if (unlikely(!verticesA)) {
+ error(errSyntaxWarning, -1, "GfxGouraudTriangleShading::parse: vertices size overflow");
+ gfree(trianglesA);
+ delete bitBuf;
+ return nullptr;
+ }
 memset(verticesA + oldVertSize, 0, (vertSize - oldVertSize) * sizeof(GfxGouraudVertex));
 }
 verticesA[nVerticesA].x = xMin + xMul * (double)x;
_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler
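Review bot: The new failure branch assigns the result of `greallocn_checkoverflow` straight back to `verticesA`, so the previous vertex buffer is released only if the helper frees it on overflow. The helper is not visible in this hunk and should be checked, otherwise a malformed shading stream that used to abort the process would now leak the buffer on every rejected parse. The branch frees `trianglesA` and `bitBuf` by hand, and because `parse` starts and ends outside the hunk, anything else it has allocated by this point needs the same release before `return nullptr;`. A short comment above the check would record the contract, for example `// on size overflow the helper returns nullptr instead of aborting; release everything parse owns and bail out`. The message is logged as `errSyntaxWarning` although the whole shading is discarded, so an error-level category may describe the outcome more accurately.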
