[Poppler-bugs] [Bug 101504] NULL dereference in GfxState.cc:6127
bugzilla-daemon at freedesktop.org
bugzilla-daemon at freedesktop.org
Mon Jun 19 18:05:11 UTC 2017
https://bugs.freedesktop.org/show_bug.cgi?id=101504
--- Comment #1 from foca at salesforce.com <foca at salesforce.com> ---
There is a similar bug at CairoOutputDev.cc:2598:
2596 for (y = 0; y < height; y++) {
2597 dest = (unsigned int *) (buffer + y * row_stride);
2598 pix = imgStr->getLine();
2599 colorMap->getRGBLine (pix, dest, width);
2600 }
The returned value for getLine is not validated. And in some scenarios this
value is NULL, so a NULL pointer dereference happens and poppler crashes.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20170619/14b40f71/attachment.html>
More information about the Poppler-bugs
mailing list