[Poppler-bugs] [Bug 37189] New: patch to fix a bad memory access when a character starts to the left of the image

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Fri May 13 18:58:20 PDT 2011


https://bugs.freedesktop.org/show_bug.cgi?id=37189

           Summary: patch to fix a bad memory access when a character
                    starts to the left of the image
           Product: poppler
           Version: unspecified
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: splash backend
        AssignedTo: poppler-bugs at lists.freedesktop.org
        ReportedBy: williambader at hotmail.com


Created an attachment (id=46698)
 --> (https://bugs.freedesktop.org/attachment.cgi?id=46698)
Sample file to show the problem

When Splash::fillGlyph2() draws a character, if the starting X location is
negative, it increments the pointer to the glyph data to start at the position
in the glyph data that should go at X position 0.
If glyph->aa is set, the glyph data is one byte per pixel, and the increment by
abs(x start) is correct.
If glyph->aa is not set, the glyph data is one byte per 8 pixels, and the
increment should be by abs(x start)/8 and the loop that scans the data should
be offset by abs(x start)%8.
Splash::fillGlyph2() currently adds the same increment of abs(x start) whether
or not glyph->aa is set, and when glyph->aa is not set, drawing a character
with a negative X position can cause a bad memory reference.  For example,
running
  pdftops -eps -level1sep testimagemask.pdf test.ps
under valgrind reports
==12606== Conditional jump or move depends on uninitialised value(s)
==12606==    at 0x8120237: Splash::fillGlyph2(int, int, SplashGlyphBitmap*, bool) (Splash.cc:1856)
==12606==    by 0x811FA58: Splash::fillChar(double, double, int, SplashFont*) (Splash.cc:1724)

-- 
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
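
Added example, not part of the original report and not poppler's code: a C sketch of the left-clip offset arithmetic the report describes, with a bounds check before each read. The glyph_t struct, the function names, the sample data and the most-significant-bit-first packing of 1-bit rows are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical stand-in for a glyph bitmap; not poppler's SplashGlyphBitmap. */
typedef struct {
    int w, h;                  /* size in pixels */
    int aa;                    /* 1: one byte per pixel, 0: one bit per pixel */
    const unsigned char *data; /* rows packed top to bottom */
    size_t len;                /* bytes available in data */
} glyph_t;

static size_t row_bytes(const glyph_t *g) {
    return g->aa ? (size_t)g->w : ((size_t)g->w + 7) / 8;
}

/* Behaviour the report describes as current: skip `skip` bytes in both modes. */
size_t skip_bytes_reported(int skip) { return (size_t)skip; }

/* Behaviour the report asks for: whole bytes to skip, leftover bits in *bit. */
size_t skip_bytes_fixed(const glyph_t *g, int skip, int *bit) {
    *bit = g->aa ? 0 : skip % 8;
    return g->aa ? (size_t)skip : (size_t)(skip / 8);
}

/* Count set pixels of row y that land at x >= 0 when the glyph is drawn at x0.
   Returns -1 if a read would fall outside data. Assumption: MSB-first rows. */
int visible_set_pixels(const glyph_t *g, int x0, int y) {
    int skip = x0 < 0 ? -x0 : 0, bit, n = 0;
    if (y < 0 || y >= g->h) return -1;
    if (skip >= g->w) return 0;               /* fully clipped on the left */
    size_t off = (size_t)y * row_bytes(g) + skip_bytes_fixed(g, skip, &bit);
    for (int x = skip; x < g->w; x++) {
        if (off >= g->len) return -1;         /* bounds check before each read */
        if (g->aa) {
            n += g->data[off++] != 0;
        } else {
            n += (g->data[off] >> (7 - bit)) & 1;
            if (++bit == 8) { bit = 0; off++; }
        }
    }
    return n;
}

/* Constructed sample: 16x1 mono glyph, pixels 0-7 and 12-15 set. */
static const unsigned char MONO_ROW[] = { 0xFF, 0x0F };
static const glyph_t MONO = { 16, 1, 0, MONO_ROW, sizeof MONO_ROW };

int main(void) {
    printf("%d\n", visible_set_pixels(&MONO, -10, 0)); /* glyph drawn at x = -10 */
    return 0;
}
```

For the sample glyph drawn at x = -10, the byte-wise skip lands 10 bytes into a 2-byte row, while the bit-aware skip lands at byte 1, bit 2.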

