[Poppler-bugs] [Bug 105972] New: bogus memory allocation size in GfxGouraudTriangleShading::parse

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Apr 10 13:44:11 UTC 2018 

https://bugs.freedesktop.org/show_bug.cgi?id=105972

            Bug ID: 105972
           Summary: bogus memory allocation size in
                    GfxGouraudTriangleShading::parse
           Product: poppler
           Version: unspecified
          Hardware: x86-64 (AMD64)
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: general
          Assignee: poppler-bugs at lists.freedesktop.org
          Reporter: pdknsk at gmail.com

Bogus memory allocation size
==15480== ERROR: libFuzzer: fuzz target exited
    ...
    #5 0x5a849f in gmallocn(int, int, bool) poppler/goo/gmem.cc:190:10
    #6 0x6437d1 in GfxGouraudTriangleShading::parse(GfxResources*, int, Dict*,
Stream*, OutputDev*, GfxState*) poppler/poppler/GfxState.cc:4921:30
    #7 0x63e923 in GfxShading::parse(GfxResources*, Object*, OutputDev*,
GfxState*) poppler/poppler/GfxState.cc:3594:17
    #8 0x63db44 in GfxShadingPattern::parse(GfxResources*, Object*, OutputDev*,
GfxState*, int) poppler/poppler/GfxState.cc:3482:14
    #9 0x63cce1 in GfxPattern::parse(GfxResources*, Object*, OutputDev*,
GfxState*, int) poppler/poppler/GfxState.cc:3350:15
    #10 0x5e9190 in GfxResources::lookupPattern(char*, OutputDev*, GfxState*)
poppler/poppler/Gfx.cc:471:12
    #11 0x5ddde0 in Gfx::opSetStrokeColorN(Object*, int)
poppler/poppler/Gfx.cc:1665:18
    #12 0x5ec519 in Gfx::go(bool) poppler/poppler/Gfx.cc:747:7
    #13 0x5ebdec in Gfx::display(Object*, bool) poppler/poppler/Gfx.cc:709:3
    #14 0x68359c in Page::displaySlice(OutputDev*, double, double, int, bool,
bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*,
void*), void*, bool) poppler/poppler/Page.cc:560:10
    #15 0x68d84f in PDFDoc::displayPageSlice(OutputDev*, int, double, double,
int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool
(*)(Annot*, void*), void*, bool) poppler/poppler/PDFDoc.cc:550:20
    #16 0x59b333 in poppler::page_renderer::render_page(poppler::page const*,
double, double, int, int, int, int, poppler::rotation_enum) const
poppler/cpp/poppler-page-renderer.cpp:180:13

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/poppler-bugs/attachments/20180410/c044a4c1/attachment.html>

More information about the Poppler-bugs mailing list