[poppler] Branch 'poppler-0.24' - splash/Splash.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Sun Aug 18 07:20:35 PDT 2013
splash/Splash.cc | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
New commits:
commit 678c767584fa80620cc58a1d8a913cb3473209d4
Author: Albert Astals Cid <aacid at kde.org>
Date: Sun Aug 18 16:19:27 2013 +0200
Fix crash in 1026.asan.0.42.pdf
We were not checking that bitmapOff was in bounds
diff --git a/splash/Splash.cc b/splash/Splash.cc
index ccfe1ed..d5aec8f 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -5420,6 +5420,7 @@ GBool Splash::gouraudTriangleShadedFill(SplashGouraudColor *shading)
SplashClip* clip = getClip();
SplashBitmap *blitTarget = bitmap;
SplashColorPtr bitmapData = bitmap->getDataPtr();
+ int bitmapOffLimit = bitmap->getHeight() * bitmap->getRowSize();
SplashColorPtr bitmapAlpha = bitmap->getAlphaPtr();
SplashColorPtr cur = NULL;
SplashCoord* userToCanvasMatrix = getMatrix();
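Review bot: The limit on the added line is an `int` product of `getHeight()` and `getRowSize()`, so for a very large bitmap it can overflow and the later bounds check would compare against a meaningless value. If the row size can be negative for some bitmap layouts (not visible in this hunk), the limit would also be negative and the scanline loop would never run. Computing the product in a wider type from the magnitude of the row size would avoid both, along with a comment stating the unit, e.g. `// byte size of the colour data; exclusive upper bound for bitmapOff`. The body of gouraudTriangleShadedFill starts and ends outside the hunk.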
@@ -5652,7 +5653,7 @@ GBool Splash::gouraudTriangleShadedFill(SplashGouraudColor *shading)
colorinterp = scanColorMap[0] * scanLimitL + scanColorMap[1];
bitmapOff = scanLineOff + scanLimitL * colorComps;
- for (int X = scanLimitL; X <= scanLimitR; ++X, colorinterp += scanColorMap[0], bitmapOff += colorComps) {
+ for (int X = scanLimitL; X <= scanLimitR && bitmapOff + colorComps <= bitmapOffLimit; ++X, colorinterp += scanColorMap[0], bitmapOff += colorComps) {
// FIXME : standard rectangular clipping can be done for a
// complete scanline which is faster
// --> see SplashClip and its methods
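Review bot: The new loop condition bounds `bitmapOff` only from above, so a negative offset would still pass the check and index before the start of `bitmapData`. Whether `scanLineOff` or `scanLimitL` can be negative at this point is not visible in the hunk; if that is not guaranteed, the condition should also carry `bitmapOff >= 0 &&`. Because the guard ends the scanline silently, a short comment such as `// stop at the end of the bitmap buffer; malformed shadings can yield out-of-range offsets` would tell the next reader why the loop can end early. The loop body continues outside the hunk, so it cannot be confirmed from here that the alpha buffer is covered by the same check.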