Re: [poppler] 2 commits - poppler/JPEG2000Stream.cc poppler/SplashOutputDev.cc

Mon, 15 Jul 2019 16:48:13 -0700 

Are sequences like 'surface_width = (int) ceil (fabs(kx));' safe? Can it wrap 
negative if the real number is too large for an int? Are all of the places 
using this idiom guaranteed never to overflow?
In this particular patch would it be safer to use 'if (unlikely(surface_width 
<= 0 || surface_height <= 0)) {' ?
Regards, William

________________________________
From: poppler <[email protected]> on behalf of GitLab 
Mirror <[email protected]>
Sent: Monday, July 15, 2019 6:06 PM
To: [email protected]
Subject: [poppler] 2 commits - poppler/JPEG2000Stream.cc 
poppler/SplashOutputDev.cc

poppler/JPEG2000Stream.cc  |    2 +-
 poppler/SplashOutputDev.cc |    4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

New commits:
commit 68ef84e5968a4249c2162b839ca6d7975048a557
Author: Albert Astals Cid <[email protected]>
Date:   Mon Jul 15 23:24:22 2019 +0200

    JPXStream::init: ignore dict Length if clearly broken

    Fixes issue #805

diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
index 0eea3a2d..8e6902f4 100644
--- a/poppler/JPEG2000Stream.cc
+++ b/poppler/JPEG2000Stream.cc
@@ -219,7 +219,7 @@ void JPXStream::init()
   }

   int bufSize = BUFFER_INITIAL_SIZE;
-  if (oLen.isInt()) bufSize = oLen.getInt();
+  if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt();

   bool indexed = false;
   if (cspace.isArray() && cspace.arrayGetLength() > 0) {
commit b224e2f5739fe61de9fa69955d016725b2a4b78d
Author: Albert Astals Cid <[email protected]>
Date:   Mon Jul 15 22:11:09 2019 +0200

    SplashOutputDev::tilingPatternFill: Fix crash on broken file

    Issue #802

diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
index 544f132d..3d2befc2 100644
--- a/poppler/SplashOutputDev.cc
+++ b/poppler/SplashOutputDev.cc
@@ -4581,6 +4581,10 @@ bool SplashOutputDev::tilingPatternFill(GfxState *state, 
Gfx *gfxA, Catalog *cat
     surface_width = (int) ceil (fabs(kx));
     surface_height = (int) ceil (fabs(ky));
     // adjust repeat values to completely fill region
+    if (unlikely(surface_width == 0 || surface_height == 0)) {
+        state->setCTM(savedCTM[0], savedCTM[1], savedCTM[2], savedCTM[3], 
savedCTM[4], savedCTM[5]);
+        return false;
+    }
     repeatX = result_width / surface_width;
     repeatY = result_height / surface_height;
     if (surface_width * repeatX < result_width)
_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler

_______________________________________________
poppler mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/poppler

Reply via email to