[Poppler-bugs] [Bug 89200] New: [patch] fix uninitialized variable in Splash::pipeRun(SplashPipe*) (Splash.cc:470)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Feb 17 22:27:08 PST 2015


https://bugs.freedesktop.org/show_bug.cgi?id=89200

            Bug ID: 89200
           Summary: [patch] fix uninitialized variable in
                    Splash::pipeRun(SplashPipe*) (Splash.cc:470)
           Product: poppler
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: splash backend
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: williambader at hotmail.com

Created attachment 113598
  --> https://bugs.freedesktop.org/attachment.cgi?id=113598&action=edit
provisional patch

Running pdftops with the PDF in
https://bugs.freedesktop.org/show_bug.cgi?id=88971 produces valgrind errors.

Line 470 of Splash.cc in Splash::pipeRun() has the test

if (pipe->shape && state->blendFunc && pipe->knockout && alpha0Bitmap != NULL)

but in some paths, pipe->shape is uninitialized because Splash::pipeInit() does
not initialize it and then valgrind complains:

Conditional jump or move depends on uninitialised value(s)
   at 0x4BF0E5: Splash::pipeRun(SplashPipe*) (Splash.cc:470)
   by 0x4CD84F: Splash::blitImage(SplashBitmap*, bool, int, int, SplashClipResult) (Splash.cc:5109)
   by 0x4CE0BA: Splash::drawImage(bool (*)(void*, unsigned char*, unsigned char*), void*, SplashColorMode, bool, int, int, double*, bool, bool) (Splash.cc:3752)

I think that the best is to initialize it in pipeInit(), but I am not sure if
something depends on having pipeInit() leave it alone, so the attached patch
just initializes shape to 0 in a few places where it could be used
uninitialized.

Possibly the test at line 470 should use pipe->usesShape instead of pipe->shape
or test pipe->shape after testing that alpha0Bitmap is not NULL.

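One way to make the missing initialization in the report show up deterministically in a unit test, rather than only under valgrind, as an added example that is not Poppler's code or part of the original report. PipeModel, the two init functions, line470 and the poison helpers are hypothetical simplifications of the fields and the test named in the report.

```cpp
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical, simplified stand-in for SplashPipe (not Poppler's definition).
struct PipeModel { unsigned char shape, usesShape, knockout; };
using InitFn = void (*)(PipeModel *, bool, bool);

// Models the report: init sets other fields but leaves shape alone.
void initAsReported(PipeModel *p, bool usesShape, bool knockout) {
    p->usesShape = usesShape;
    p->knockout = knockout;
}

// Models the reporter's preferred fix: init also gives shape a defined value.
void initHardened(PipeModel *p, bool usesShape, bool knockout) {
    p->shape = 0;
    initAsReported(p, usesShape, knockout);
}

// The line-470 test quoted in the report, applied to the model struct.
bool line470(const PipeModel &p, bool blendFunc, const void *alpha0Bitmap) {
    return p.shape && blendFunc && p.knockout && alpha0Bitmap != nullptr;
}

// Fill the struct with a known byte (standing in for stale memory), then init.
PipeModel initOverPoison(InitFn init, unsigned char poison) {
    PipeModel p;
    std::memset(&p, poison, sizeof p);
    init(&p, true, true);
    return p;
}

// A field counts as unset only if it still holds the poison under two different
// poison bytes, so a value init really wrote cannot match both runs.
std::vector<std::string> fieldsLeftUnset(InitFn init) {
    const PipeModel a = initOverPoison(init, 0xA5), b = initOverPoison(init, 0x5A);
    std::vector<std::string> unset;
    if (a.shape == 0xA5 && b.shape == 0x5A) unset.push_back("shape");
    if (a.usesShape == 0xA5 && b.usesShape == 0x5A) unset.push_back("usesShape");
    if (a.knockout == 0xA5 && b.knockout == 0x5A) unset.push_back("knockout");
    return unset;
}

int main() {
    for (const std::string &f : fieldsLeftUnset(initAsReported))
        std::printf("left unset by init: %s\n", f.c_str());
}
```

With the poisoned struct, line470 takes the branch after initAsReported purely because of the leftover byte in shape, and does not after initHardened.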