[poppler] poppler/SplashOutputDev.cc splash/Splash.cc splash/Splash.h
Albert Astals Cid
aacid at kemper.freedesktop.org
Thu Jul 12 15:57:46 PDT 2012
poppler/SplashOutputDev.cc | 2 -
splash/Splash.cc | 79 +++++++++++++++++++++++++--------------------
splash/Splash.h | 4 +-
3 files changed, 48 insertions(+), 37 deletions(-)
New commits:
commit f9f5238d32615f93d07afa3aa7384a8b30737203
Author: Thomas Freitag <Thomas.Freitag at alfa.de>
Date: Fri Jul 13 00:56:48 2012 +0200
Fix Splash::arbitraryTransformImage causes bogus memory allocation size
Bug #49523
diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
index be35c25..abdcea4 100644
--- a/poppler/SplashOutputDev.cc
+++ b/poppler/SplashOutputDev.cc
@@ -4059,7 +4059,7 @@ GBool SplashOutputDev::tilingPatternFill(GfxState *state, Gfx *gfx1, Catalog *ca
matc[1] = ctm[1];
matc[2] = ctm[2];
matc[3] = ctm[3];
- splash->drawImage(&tilingBitmapSrc, &imgData, colorMode, gTrue, result_width, result_height, matc);
+ splash->drawImage(&tilingBitmapSrc, &imgData, colorMode, gTrue, result_width, result_height, matc, gTrue);
delete tBitmap;
delete gfx;
return gTrue;
diff --git a/splash/Splash.cc b/splash/Splash.cc
index 0e07c70..b927e5e 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -3375,7 +3375,8 @@ void Splash::blitMask(SplashBitmap *src, int xDest, int yDest,
SplashError Splash::drawImage(SplashImageSource src, void *srcData,
SplashColorMode srcMode, GBool srcAlpha,
- int w, int h, SplashCoord *mat) {
+ int w, int h, SplashCoord *mat,
+ GBool tilingPattern) {
GBool ok;
SplashBitmap *scaledImg;
SplashClipResult clipRes;
@@ -3499,7 +3500,7 @@ SplashError Splash::drawImage(SplashImageSource src, void *srcData,
// all other cases
} else {
return arbitraryTransformImage(src, srcData, srcMode, nComps, srcAlpha,
- w, h, mat);
+ w, h, mat, tilingPattern);
}
return splashOk;
@@ -3509,7 +3510,8 @@ SplashError Splash::arbitraryTransformImage(SplashImageSource src, void *srcData
SplashColorMode srcMode, int nComps,
GBool srcAlpha,
int srcWidth, int srcHeight,
- SplashCoord *mat) {
+ SplashCoord *mat,
+ GBool tilingPattern) {
SplashBitmap *scaledImg;
SplashClipResult clipRes, clipRes2;
SplashPipe pipe;
@@ -3558,44 +3560,53 @@ SplashError Splash::arbitraryTransformImage(SplashImageSource src, void *srcData
}
// compute the scale factors
- if (mat[0] >= 0) {
- t0 = imgCoordMungeUpper(mat[0] + mat[4]) - imgCoordMungeLower(mat[4]);
+ if (splashAbs(mat[0]) >= splashAbs(mat[1])) {
+ scaledWidth = xMax - xMin;
+ scaledHeight = yMax - yMin;
} else {
- t0 = imgCoordMungeUpper(mat[4]) - imgCoordMungeLower(mat[0] + mat[4]);
+ scaledWidth = yMax - yMin;
+ scaledHeight = xMax - xMin;
}
- if (mat[1] >= 0) {
- t1 = imgCoordMungeUpper(mat[1] + mat[5]) - imgCoordMungeLower(mat[5]);
- } else {
- t1 = imgCoordMungeUpper(mat[5]) - imgCoordMungeLower(mat[1] + mat[5]);
- }
- scaledWidth = t0 > t1 ? t0 : t1;
- if (mat[2] >= 0) {
- t0 = imgCoordMungeUpper(mat[2] + mat[4]) - imgCoordMungeLower(mat[4]);
- if (splashAbs(mat[1]) >= 1) {
- th = imgCoordMungeUpper(mat[2]) - imgCoordMungeLower(mat[0] * mat[3] / mat[1]);
- if (th > t0) t0 = th;
+ if (scaledHeight <= 1 || scaledHeight <= 1 || tilingPattern) {
+ if (mat[0] >= 0) {
+ t0 = imgCoordMungeUpper(mat[0] + mat[4]) - imgCoordMungeLower(mat[4]);
+ } else {
+ t0 = imgCoordMungeUpper(mat[4]) - imgCoordMungeLower(mat[0] + mat[4]);
}
- } else {
- t0 = imgCoordMungeUpper(mat[4]) - imgCoordMungeLower(mat[2] + mat[4]);
- if (splashAbs(mat[1]) >= 1) {
- th = imgCoordMungeUpper(mat[0] * mat[3] / mat[1]) - imgCoordMungeLower(mat[2]);
- if (th > t0) t0 = th;
+ if (mat[1] >= 0) {
+ t1 = imgCoordMungeUpper(mat[1] + mat[5]) - imgCoordMungeLower(mat[5]);
+ } else {
+ t1 = imgCoordMungeUpper(mat[5]) - imgCoordMungeLower(mat[1] + mat[5]);
}
- }
- if (mat[3] >= 0) {
- t1 = imgCoordMungeUpper(mat[3] + mat[5]) - imgCoordMungeLower(mat[5]);
- if (splashAbs(mat[0]) >= 1) {
- th = imgCoordMungeUpper(mat[3]) - imgCoordMungeLower(mat[1] * mat[2] / mat[0]);
- if (th > t1) t1 = th;
+ scaledWidth = t0 > t1 ? t0 : t1;
+ if (mat[2] >= 0) {
+ t0 = imgCoordMungeUpper(mat[2] + mat[4]) - imgCoordMungeLower(mat[4]);
+ if (splashAbs(mat[1]) >= 1) {
+ th = imgCoordMungeUpper(mat[2]) - imgCoordMungeLower(mat[0] * mat[3] / mat[1]);
+ if (th > t0) t0 = th;
+ }
+ } else {
+ t0 = imgCoordMungeUpper(mat[4]) - imgCoordMungeLower(mat[2] + mat[4]);
+ if (splashAbs(mat[1]) >= 1) {
+ th = imgCoordMungeUpper(mat[0] * mat[3] / mat[1]) - imgCoordMungeLower(mat[2]);
+ if (th > t0) t0 = th;
+ }
}
- } else {
- t1 = imgCoordMungeUpper(mat[5]) - imgCoordMungeLower(mat[3] + mat[5]);
- if (splashAbs(mat[0]) >= 1) {
- th = imgCoordMungeUpper(mat[1] * mat[2] / mat[0]) - imgCoordMungeLower(mat[3]);
- if (th > t1) t1 = th;
+ if (mat[3] >= 0) {
+ t1 = imgCoordMungeUpper(mat[3] + mat[5]) - imgCoordMungeLower(mat[5]);
+ if (splashAbs(mat[0]) >= 1) {
+ th = imgCoordMungeUpper(mat[3]) - imgCoordMungeLower(mat[1] * mat[2] / mat[0]);
+ if (th > t1) t1 = th;
+ }
+ } else {
+ t1 = imgCoordMungeUpper(mat[5]) - imgCoordMungeLower(mat[3] + mat[5]);
+ if (splashAbs(mat[0]) >= 1) {
+ th = imgCoordMungeUpper(mat[1] * mat[2] / mat[0]) - imgCoordMungeLower(mat[3]);
+ if (th > t1) t1 = th;
+ }
}
+ scaledHeight = t0 > t1 ? t0 : t1;
}
- scaledHeight = t0 > t1 ? t0 : t1;
if (scaledWidth == 0) {
scaledWidth = 1;
}
diff --git a/splash/Splash.h b/splash/Splash.h
index bc82faa..f4fb542 100644
--- a/splash/Splash.h
+++ b/splash/Splash.h
@@ -209,7 +209,7 @@ public:
// The matrix behaves as for fillImageMask.
SplashError drawImage(SplashImageSource src, void *srcData,
SplashColorMode srcMode, GBool srcAlpha,
- int w, int h, SplashCoord *mat);
+ int w, int h, SplashCoord *mat, GBool tilingPattern = gFalse);
// Composite a rectangular region from <src> onto this Splash
// object.
@@ -348,7 +348,7 @@ private:
SplashColorMode srcMode, int nComps,
GBool srcAlpha,
int srcWidth, int srcHeight,
- SplashCoord *mat);
+ SplashCoord *mat, GBool tilingPattern = gFalse);
SplashBitmap *scaleImage(SplashImageSource src, void *srcData,
SplashColorMode srcMode, int nComps,
GBool srcAlpha, int srcWidth, int srcHeight,
More information about the poppler
mailing list