[Poppler-bugs] [Bug 34357] Crash when scrolling through a pdf
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Sat Feb 26 04:09:19 PST 2011
https://bugs.freedesktop.org/show_bug.cgi?id=34357
Carlos Garcia Campos <carlosgc at gnome.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|cairo backend |general
--- Comment #5 from Carlos Garcia Campos <carlosgc at gnome.org> 2011-02-26 04:09:19 PST ---
(In reply to comment #4)
> Cairo backend specific. Works with the splash backend. Problem is actually on
> page 6.
The problem is not actually in the cairo backend, but in
GfxICCBasedColorSpace::getRGBLine(). It doesn't crash with splash because it
doesn't use getRGBline().
The problem is when using libcms, there's a line transform and getRGBLine() is
called when nComps = 0. First, it allocates memory depending on nComps:
Guchar* tmp = (Guchar *)gmallocn(nComps * length, sizeof(Guchar));
but it writes to the out buffer assuming nComps = 3:
for (int i = 0; i < length; ++i) {
Guchar *current = tmp + (i * 3);
out[i] = (current[0] << 16) | (current[1] << 8) | current[2];
}
Allocating enough memory fixes the crash, but I'm not sure it's the right fix
though:
- Guchar* tmp = (Guchar *)gmallocn(nComps * length, sizeof(Guchar));
+ Guchar* tmp = (Guchar *)gmallocn(3 * length, sizeof(Guchar));
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the Poppler-bugs
mailing list