poppler/SplashOutputDev.cc | 9 +++++++++ 1 file changed, 9 insertions(+)
New commits: commit e0148dbc9a0189d1ee982a1b3e763930e086b919 Author: Thomas Freitag <[email protected]> Date: Wed Jul 12 14:42:25 2023 +0000 avoid bogus memory allocation size in doTilingPatternFill diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc index 19ca649d..0559f5e9 100644 --- a/poppler/SplashOutputDev.cc +++ b/poppler/SplashOutputDev.cc @@ -4309,6 +4309,15 @@ bool SplashOutputDev::tilingPatternFill(GfxState *state, Gfx *gfxA, Catalog *cat surface_height = (int)ceil(fabs(ky)); repeatX = x1 - x0; repeatY = y1 - y0; + while ((unsigned long)repeatX * repeatY > 0x800000L) { + // try to avoid bogus memory allocation size + if (repeatX > 1) { + repeatX /= 2; + } + if (repeatY > 1) { + repeatY /= 2; + } + } } else { if ((unsigned long)surface_width * surface_height > 0x800000L) { state->setCTM(savedCTM[0], savedCTM[1], savedCTM[2], savedCTM[3], savedCTM[4], savedCTM[5]);
