[poppler] Branch 'poppler-0.22' - poppler/Stream.cc

[Albert Astals Cid]

 poppler/Stream.cc |   10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

New commits:
commit 0388837f01bc467045164f9ddaff787000a8caaa
Author: Albert Astals Cid <aacid at kde.org>
Date:   Thu Jan 10 20:29:06 2013 +0100

    Fix another invalid memory access in 1091.pdf.asan.72.42

diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index d118ddd..4cb3326 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -2387,7 +2387,8 @@ GBool CCITTFaxStream::isBinary(GBool last) {
 
 // clip [-256,511] --> [0,255]
 #define dctClipOffset 256
-static Guchar dctClip[768];
+#define dctClipLength 768
+static Guchar dctClip[dctClipLength];
 static int dctClipInit = 0;
 
 // zig zag decode map
@@ -3343,7 +3344,12 @@ void DCTStream::transformDataUnit(Gushort *quantTable,
 
   // convert to 8-bit integers
   for (i = 0; i < 64; ++i) {
-    dataOut[i] = dctClip[dctClipOffset + 128 + ((dataIn[i] + 8) >> 4)];
+    const int ix = dctClipOffset + 128 + ((dataIn[i] + 8) >> 4);
+    if (unlikely(ix < 0 || ix >= dctClipLength)) {
+      dataOut[i] = 0;
+    } else {
+      dataOut[i] = dctClip[ix];
+    }
   }
 }