On Tuesday, 16 July 2019, at 1:47:28 CEST, William Bader wrote:
> Are sequences like 'surface_width = (int) ceil (fabs(kx));' safe? Can it wrap
> negative if the real number is too large for an int? Are all of the places
> using this idiom guaranteed never to overflow?
Probably not, but they don't cause a crash like dividing an integer by 0 does.
> In this particular patch would it be safer to use 'if (unlikely(surface_width
> <= 0 || surface_height <= 0)) {' ?
I haven't studied the code for more than 3 seconds but it doesn't seem like
those values being negative would be a huge problem.
Cheers,
Albert
> Regards, William
>
> ________________________________
> From: poppler <[email protected]> on behalf of GitLab
> Mirror <[email protected]>
> Sent: Monday, July 15, 2019 6:06 PM
> To: [email protected]
> Subject: [poppler] 2 commits - poppler/JPEG2000Stream.cc
> poppler/SplashOutputDev.cc
>
> poppler/JPEG2000Stream.cc | 2 +-
> poppler/SplashOutputDev.cc | 4 ++++
> 2 files changed, 5 insertions(+), 1 deletion(-)
>
> New commits:
> commit 68ef84e5968a4249c2162b839ca6d7975048a557
> Author: Albert Astals Cid <[email protected]>
> Date: Mon Jul 15 23:24:22 2019 +0200
>
> JPXStream::init: ignore dict Length if clearly broken
>
> Fixes issue #805
>
> diff --git a/poppler/JPEG2000Stream.cc b/poppler/JPEG2000Stream.cc
> index 0eea3a2d..8e6902f4 100644
> --- a/poppler/JPEG2000Stream.cc
> +++ b/poppler/JPEG2000Stream.cc
> @@ -219,7 +219,7 @@ void JPXStream::init()
> }
>
> int bufSize = BUFFER_INITIAL_SIZE;
> - if (oLen.isInt()) bufSize = oLen.getInt();
> + if (oLen.isInt() && oLen.getInt() > 0) bufSize = oLen.getInt();
>
> bool indexed = false;
> if (cspace.isArray() && cspace.arrayGetLength() > 0) {
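Review bot: The new condition on the `bufSize` assignment only rejects zero and negative `Length` values; a broken file can just as easily carry a very large positive one, and that value still goes straight into `bufSize`. If `bufSize` sizes a buffer further down in `JPXStream::init()`, consider also capping it at a sane maximum and keeping `BUFFER_INITIAL_SIZE` above that. Reading `oLen.getInt()` once into a local would also avoid the double call.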
> commit b224e2f5739fe61de9fa69955d016725b2a4b78d
> Author: Albert Astals Cid <[email protected]>
> Date: Mon Jul 15 22:11:09 2019 +0200
>
> SplashOutputDev::tilingPatternFill: Fix crash on broken file
>
> Issue #802
>
> diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
> index 544f132d..3d2befc2 100644
> --- a/poppler/SplashOutputDev.cc
> +++ b/poppler/SplashOutputDev.cc
> @@ -4581,6 +4581,10 @@ bool SplashOutputDev::tilingPatternFill(GfxState
> *state, Gfx *gfxA, Catalog *cat
> surface_width = (int) ceil (fabs(kx));
> surface_height = (int) ceil (fabs(ky));
> // adjust repeat values to completely fill region
> + if (unlikely(surface_width == 0 || surface_height == 0)) {
> + state->setCTM(savedCTM[0], savedCTM[1], savedCTM[2], savedCTM[3],
> savedCTM[4], savedCTM[5]);
> + return false;
> + }
> repeatX = result_width / surface_width;
> repeatY = result_height / surface_height;
> if (surface_width * repeatX < result_width)
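Review bot: The guard before the `repeatX`/`repeatY` divisions tests `== 0` only, but `surface_width` and `surface_height` come from `(int) ceil (fabs(kx))`, and converting a double that does not fit in `int` is undefined behaviour in C++, so a broken file with a huge or NaN `kx`/`ky` can leave them negative or arbitrary. Checking `kx` and `ky` against the `int` range before the cast, or at least using `<= 0` here as suggested in the thread, would cover that; the `surface_width * repeatX` product in the following context line is an `int` multiplication worth bounding as well. The existing `// adjust repeat values` comment now sits above the guard instead of the code it describes, so it should move below the new block.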
> _______________________________________________
> poppler mailing list
> [email protected]
> https://lists.freedesktop.org/mailman/listinfo/poppler
>
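
On William's question about the `(int) ceil (fabs(kx))` idiom, an added example that is not part of the thread or of poppler: in C++, converting a floating-point value that does not fit in `int` is undefined behaviour, so the range check belongs before the cast. `checkedSurfaceDim` and `repeatCount` are hypothetical names used only for this illustration.

```cpp
#include <climits>
#include <cmath>

// Hypothetical helper (not poppler code): turn a scale factor such as kx or ky
// into a tile dimension, refusing anything that is not representable as a
// positive int. Returns false where the caller should bail out.
bool checkedSurfaceDim(double k, int *out)
{
    const double c = std::ceil(std::fabs(k));
    // NaN fails every comparison, so test for "in range" and negate, rather
    // than testing for "out of range". INT_MAX is exactly representable as a
    // double, so the upper comparison is exact.
    if (!(c >= 1.0 && c <= static_cast<double>(INT_MAX))) {
        return false;
    }
    *out = static_cast<int>(c); // well defined: 1 <= c <= INT_MAX
    return true;
}

// Hypothetical caller: number of tiles of size ceil(|k|) needed to cover
// result_size, rounding up. Uses the remainder instead of multiplying back,
// so no int multiplication can overflow.
bool repeatCount(int result_size, double k, int *repeat)
{
    int dim = 0;
    if (result_size < 0 || !checkedSurfaceDim(k, &dim)) {
        return false;
    }
    *repeat = result_size / dim; // divisor is known to be >= 1
    if (result_size % dim != 0) {
        ++*repeat; // one more tile to cover the remainder
    }
    return true;
}
```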