[poppler] 7 commits - poppler/Function.cc poppler/GfxState.cc poppler/JBIG2Stream.cc poppler/Stream.cc poppler/TextOutputDev.cc

Albert Astals Cid aacid at kemper.freedesktop.org
Wed Mar 26 12:34:49 PDT 2014


 poppler/Function.cc      |    8 ++++++--
 poppler/GfxState.cc      |    4 ++--
 poppler/JBIG2Stream.cc   |   17 ++++++++++-------
 poppler/Stream.cc        |    4 ++--
 poppler/TextOutputDev.cc |    2 +-
 5 files changed, 21 insertions(+), 14 deletions(-)

New commits:
commit ec2f8bca9f48935d3180dab65ef2ca455a893afd
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Mar 26 18:38:13 2014 +0100

    Fix overflow malloc

diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index 8ef061a..4c00ddb 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -14,7 +14,7 @@
 // under GPL version 2 or later
 //
 // Copyright (C) 2005 Jeff Muizelaar <jeff at infidigm.net>
-// Copyright (C) 2006-2010, 2012, 2013 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2006-2010, 2012-2014 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2007 Krzysztof Kowalczyk <kkowalczyk at gmail.com>
 // Copyright (C) 2008 Julien Rebetez <julien at fhtagn.net>
 // Copyright (C) 2009 Carlos Garcia Campos <carlosgc at gnome.org>
@@ -452,7 +452,7 @@ ImageStream::ImageStream(Stream *strA, int widthA, int nCompsA, int nBitsA) {
 
   nVals = width * nComps;
   inputLineSize = (nVals * nBits + 7) >> 3;
-  if (nBits <= 0 || nVals > INT_MAX / nBits - 7) {
+  if (nBits <= 0 || nVals > INT_MAX / nBits - 7 || width > INT_MAX / nComps) {
     inputLineSize = -1;
   }
   inputLine = (Guchar *)gmallocn_checkoverflow(inputLineSize, sizeof(char));
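Review bot: The new `width > INT_MAX / nComps` test runs after `nVals = width * nComps` and `inputLineSize = (nVals * nBits + 7) >> 3` have already been evaluated, so the signed multiplication it is meant to catch has already overflowed by then, which is undefined behaviour. The test also divides by `nComps` without first excluding zero or negative values; whether callers can pass those is not visible here. Moving the guard above the two assignments and opening it with `nBits <= 0 || nComps <= 0 || width > INT_MAX / nComps` would make the check hold before any arithmetic is done. The constructor starts and ends outside the hunk.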
commit 322e416451b7b33cba8fb3d4702207693c3c7921
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Mar 26 17:58:48 2014 +0100

    Fix error reported by ASAN in 1195.asan.0.293.pdf
    
    ==31060== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040002a215 at pc 0x7f5614cd96c4 bp 0x7fff54a44050 sp 0x7fff54a44048
    READ of size 1 at 0x60040002a215 thread T0
        #0 0x7f5614cd96c3 in JBIG2Stream::readGenericBitmap(bool, int, int, int, bool, bool, JBIG2Bitmap*, int*, int*, int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:3389
        #1 0x7f5614cce0e7 in JBIG2Stream::readSymbolDictSeg(unsigned int, unsigned int, unsigned int*, unsigned int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1867
        #2 0x7f5614ccb8fe in JBIG2Stream::readSegments() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1408
        #3 0x7f5614cca72e in JBIG2Stream::reset() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1248
        #4 0x7f5614d1648b in ImageStream::reset() /home/tsdgeos/devel/poppler/poppler/Stream.cc:484
        #5 0x7f5614de6578 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:3158
        #6 0x7f5614c41d64 in Gfx::doImage(Object*, Stream*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4653
        #7 0x7f5614c3ede0 in Gfx::opXObject(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4179
        #8 0x7f5614c1933a in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
        #9 0x7f5614c1850f in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
        #10 0x7f5614c18163 in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
        #11 0x7f5614cfae27 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
        #12 0x7f5614d02353 in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
        #13 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
        #14 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
        #15 0x7f5614322ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
        #16 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 87411ca..4c55123 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -3384,8 +3384,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h,
 
 	if (atx[0] >= -8 && atx[0] <= 8) {
 	  // set up the adaptive context
-	  if (y + aty[0] >= 0) {
-	    atP0 = bitmap->getDataPtr() + (y + aty[0]) * bitmap->getLineSize();
+	  const int atY = y + aty[0];
+	  if ((atY >= 0) && (atY < bitmap->getHeight())) {
+	    atP0 = bitmap->getDataPtr() + atY * bitmap->getLineSize();
 	    atBuf0 = *atP0++ << 8;
 	  } else {
 	    atP0 = NULL;
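Review bot: The same three-line row check is pasted into three branches of readGenericBitmap (this hunk and the ones at -3499 and -3608), and each guards only the row derived from `aty[0]`. If the function has a further branch that sets up several adaptive pixels (`aty[1]` and up) with the old `y + aty[k] >= 0` test, it needs the same `< bitmap->getHeight()` bound; such a branch, if it exists, is outside these hunks. A small static helper that returns the row pointer, or NULL for an out-of-range row, would keep the bound in one place, with a comment such as `// atY can fall outside the bitmap on malformed input; treat it as no row`. The function starts and ends outside the hunk.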
commit 225232f6f070d17d8570108ffe39ffd4350fc6e8
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Mar 26 15:00:09 2014 +0100

    Fix error reported by ASAN in 6609.asan.0.8343.pdf
    
    ==8470== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f3b12f7b5e1 at pc 0x7f3b0f915f5e bp 0x7fff47842de0 sp 0x7fff47842dd8
    READ of size 1 at 0x7f3b12f7b5e1 thread T0
        #0 0x7f3b0f915f5d in JBIG2Stream::readGenericBitmap(bool, int, int, int, bool, bool, JBIG2Bitmap*, int*, int*, int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:3628
        #1 0x7f3b0f910558 in JBIG2Stream::readGenericRegionSeg(unsigned int, bool, bool, unsigned int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:2849
        #2 0x7f3b0f906b33 in JBIG2Stream::readSegments() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1443
        #3 0x7f3b0f90572e in JBIG2Stream::reset() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1248
        #4 0x7f3b0f951459 in ImageStream::reset() /home/tsdgeos/devel/poppler/poppler/Stream.cc:484
        #5 0x7f3b0fa21546 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:3158
        #6 0x7f3b0f87cd64 in Gfx::doImage(Object*, Stream*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4653
        #7 0x7f3b0f879de0 in Gfx::opXObject(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4179
        #8 0x7f3b0f85433a in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
        #9 0x7f3b0f85350f in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
        #10 0x7f3b0f853163 in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
        #11 0x7f3b0f935df5 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
        #12 0x7f3b0f93d321 in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
        #13 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
        #14 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
        #15 0x7f3b0ef5dec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
        #16 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index e2f8ec0..87411ca 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -3608,8 +3608,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h,
 
 	if (atx[0] >= -8 && atx[0] <= 8) {
 	  // set up the adaptive context
-	  if (y + aty[0] >= 0) {
-	    atP0 = bitmap->getDataPtr() + (y + aty[0]) * bitmap->getLineSize();
+	  const int atY = y + aty[0];
+	  if ((atY >= 0) && (atY < bitmap->getHeight())) {
+	    atP0 = bitmap->getDataPtr() + atY * bitmap->getLineSize();
 	    atBuf0 = *atP0++ << 8;
 	  } else {
 	    atP0 = NULL;
commit 216890f1f147b25643e0d6e18e361d4d34b6c332
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Mar 26 12:19:42 2014 +0100

    Fix error reported by ASAN in 6760.asan.0.8568.pdf
    
    ==26566== ERROR: AddressSanitizer: SEGV on unknown address 0x7fffbc3e5ea8 (pc 0x7fe1fa858db1 sp 0x7fffc788eb30 bp 0x7fffc788eb40 T0)
    AddressSanitizer can not provide additional info.
        #0 0x7fe1fa858db0 in PSStack::index(int) /home/tsdgeos/devel/poppler/poppler/Function.cc:1067
        #1 0x7fe1fa856fd6 in PostScriptFunction::exec(PSStack*, int) /home/tsdgeos/devel/poppler/poppler/Function.cc:1621
        #2 0x7fe1fa854c10 in PostScriptFunction::transform(double*, double*) /home/tsdgeos/devel/poppler/poppler/Function.cc:1266
        #3 0x7fe1fa854097 in PostScriptFunction::PostScriptFunction(Object*, Dict*) /home/tsdgeos/devel/poppler/poppler/Function.cc:1216
        #4 0x7fe1fa84a0c2 in Function::parse(Object*, std::set<int, std::less<int>, std::allocator<int> >*) /home/tsdgeos/devel/poppler/poppler/Function.cc:98
        #5 0x7fe1fa849e3c in Function::parse(Object*) /home/tsdgeos/devel/poppler/poppler/Function.cc:63
        #6 0x7fe1fa8c1d8c in GfxDeviceNColorSpace::parse(Array*, OutputDev*, GfxState*, int) /home/tsdgeos/devel/poppler/poppler/GfxState.cc:2978
        #7 0x7fe1fa8a6fb7 in GfxColorSpace::parse(Object*, OutputDev*, GfxState*, int) /home/tsdgeos/devel/poppler/poppler/GfxState.cc:328
        #8 0x7fe1fa88440f in Gfx::doImage(Object*, Stream*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4403
        #9 0x7fe1fa882d6c in Gfx::opXObject(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4179
        #10 0x7fe1fa85d2c6 in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
        #11 0x7fe1fa85c49b in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
        #12 0x7fe1fa85c0ef in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
        #13 0x7fe1fa93ed81 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
        #14 0x7fe1fa9462ad in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
        #15 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
        #16 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
        #17 0x7fe1f9f66ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
        #18 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)

diff --git a/poppler/Function.cc b/poppler/Function.cc
index 81829ec..67283df 100644
--- a/poppler/Function.cc
+++ b/poppler/Function.cc
@@ -13,7 +13,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2006, 2008-2010, 2013 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2006, 2008-2010, 2013, 2014 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2006 Jeff Muizelaar <jeff at infidigm.net>
 // Copyright (C) 2010 Christian Feuersänger <cfeuersaenger at googlemail.com>
 // Copyright (C) 2011 Andrea Canciani <ranma42 at gmail.com>
@@ -1060,10 +1060,14 @@ public:
       return;
     }
     --sp;
-    if (sp + i + 1 >= psStackSize) {
+    if (unlikely(sp + i + 1 >= psStackSize)) {
       error(errSyntaxError, -1, "Stack underflow in PostScript function");
       return;
     }
+    if (unlikely(sp + i + 1 < 0)) {
+      error(errSyntaxError, -1, "Stack overflow in PostScript function");
+      return;
+    }
     stack[sp] = stack[sp + 1 + i];
   }
   void pop()
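Review bot: Both range tests evaluate `sp + i + 1` in `int` before comparing, so a very large `i` overflows the sum (undefined behaviour) before either test can reject it, and a negative `i` that keeps the sum non-negative still copies from a slot that is not a live stack entry. Comparing without the addition avoids both: `if (unlikely(i < 0 || i >= psStackSize - sp - 1)) {`, assuming `sp` stays within `[0, psStackSize)` after the earlier overflow check, which is outside the hunk. `--sp` also runs before the tests, so both error returns leave the stack pointer moved; testing first, or restoring `sp` on the error paths, would keep the stack consistent. The function starts outside the hunk.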
commit fb7d91435c71603697b652c70cfa76dd595ee200
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Mar 26 12:08:52 2014 +0100

    Fix ASAN in 750.asan.0.9621.pdf
    
    ==25876== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040002a10f at pc 0x7fc396c3c23e bp 0x7ffff1123d20 sp 0x7ffff1123d18
    READ of size 1 at 0x60040002a10f thread T0
        #0 0x7fc396c3c23d in JBIG2Stream::readGenericBitmap(bool, int, int, int, bool, bool, JBIG2Bitmap*, int*, int*, int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:3504
        #1 0x7fc396c30073 in JBIG2Stream::readSymbolDictSeg(unsigned int, unsigned int, unsigned int*, unsigned int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1867
        #2 0x7fc396c2d88a in JBIG2Stream::readSegments() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1408
        #3 0x7fc396c2c6ba in JBIG2Stream::reset() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1248
        #4 0x7fc396c783f7 in ImageStream::reset() /home/tsdgeos/devel/poppler/poppler/Stream.cc:484
        #5 0x7fc396d484e4 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:3158
        #6 0x7fc396ba3cf0 in Gfx::doImage(Object*, Stream*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4653
        #7 0x7fc396ba0d6c in Gfx::opXObject(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4179
        #8 0x7fc396b7b2c6 in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
        #9 0x7fc396b7a49b in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
        #10 0x7fc396b7a0ef in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
        #11 0x7fc396c5cd93 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
        #12 0x7fc396c642bf in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
        #13 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
        #14 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
        #15 0x7fc396284ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
        #16 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)

diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index 3324143..e2f8ec0 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -15,7 +15,7 @@
 //
 // Copyright (C) 2006 Raj Kumar <rkumar at archive.org>
 // Copyright (C) 2006 Paul Walmsley <paul at booyaka.com>
-// Copyright (C) 2006-2010, 2012 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2006-2010, 2012, 2014 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2009 David Benjamin <davidben at mit.edu>
 // Copyright (C) 2011 Edward Jiang <ejiang at google.com>
 // Copyright (C) 2012 William Bader <williambader at hotmail.com>
@@ -3499,8 +3499,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h,
 
 	if (atx[0] >= -8 && atx[0] <= 8) {
 	  // set up the adaptive context
-	  if (y + aty[0] >= 0) {
-	    atP0 = bitmap->getDataPtr() + (y + aty[0]) * bitmap->getLineSize();
+	  const int atY = y + aty[0];
+	  if ((atY >= 0) && (atY < bitmap->getHeight())) {
+	    atP0 = bitmap->getDataPtr() + atY * bitmap->getLineSize();
 	    atBuf0 = *atP0++ << 8;
 	  } else {
 	    atP0 = NULL;
commit 9002b3b7cbbbc5802abfa8383ded2093a29d1746
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Mar 26 00:48:15 2014 +0100

    Fix ASAN in 784.asan.0.9671.pdf
    
    =================================================================
    ==24856== ERROR: AddressSanitizer: SEGV on unknown address 0x603bfffe5804 (pc 0x7f7aa3310c6b sp 0x7fff0e656bd0 bp 0x7fff0e656e90 T0)
    AddressSanitizer can not provide additional info.
        #0 0x7f7aa3310c6a in GfxIndexedColorSpace::mapColorToBase(GfxColor*, GfxColor*) /home/tsdgeos/devel/poppler/poppler/GfxState.cc:2509
        #1 0x7f7aa33110d2 in GfxIndexedColorSpace::getRGB(GfxColor*, GfxRGB*) /home/tsdgeos/devel/poppler/poppler/GfxState.cc:2529
        #2 0x7f7aa3466712 in convertGfxColor(unsigned char*, SplashColorMode, GfxColorSpace*, GfxColor*) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:117
        #3 0x7f7aa34675a9 in SplashUnivariatePattern::getColor(int, int, unsigned char*) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:215
        #4 0x7f7aa348d2a2 in Splash::pipeRun(SplashPipe*) /home/tsdgeos/devel/poppler/splash/Splash.cc:363
        #5 0x7f7aa34c9c29 in Splash::drawAALine(SplashPipe*, int, int, int, bool, unsigned char) /home/tsdgeos/devel/poppler/splash/Splash.cc:1537
        #6 0x7f7aa34c4787 in Splash::shadedFill(SplashPath*, bool, SplashPattern*) /home/tsdgeos/devel/poppler/splash/Splash.cc:6388
        #7 0x7f7aa348b65c in SplashOutputDev::univariateShadedFill(GfxState*, SplashUnivariatePattern*, double, double) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:4408
        #8 0x7f7aa348b93d in SplashOutputDev::radialShadedFill(GfxState*, GfxRadialShading*, double, double) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:4427
        #9 0x7f7aa32c7574 in Gfx::doRadialShFill(GfxRadialShading*) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:3058
        #10 0x7f7aa32c188f in Gfx::opShFill(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:2476
        #11 0x7f7aa32b12c6 in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
        #12 0x7f7aa32b049b in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
        #13 0x7f7aa32b00ef in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
        #14 0x7f7aa3392dc9 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
        #15 0x7f7aa339a2f5 in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
        #16 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
        #17 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
        #18 0x7f7aa29baec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
        #19 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)
    SUMMARY: AddressSanitizer: SEGV /home/tsdgeos/devel/poppler/poppler/GfxState.cc:2509 GfxIndexedColorSpace::mapColorToBase(GfxColor*, GfxColor*)

diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index c6f855b..addba68 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -16,7 +16,7 @@
 // Copyright (C) 2005 Kristian Høgsberg <krh at redhat.com>
 // Copyright (C) 2006, 2007 Jeff Muizelaar <jeff at infidigm.net>
 // Copyright (C) 2006, 2010 Carlos Garcia Campos <carlosgc at gnome.org>
-// Copyright (C) 2006-2013 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2006-2014 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2009, 2012 Koji Otani <sho at bbr.jp>
 // Copyright (C) 2009, 2011-2013 Thomas Freitag <Thomas.Freitag at alfa.de>
 // Copyright (C) 2009 Christian Persch <chpe at gnome.org>
@@ -2503,7 +2503,7 @@ GfxColor *GfxIndexedColorSpace::mapColorToBase(GfxColor *color,
   n = base->getNComps();
   base->getDefaultRanges(low, range, indexHigh);
   const int idx = (int)(colToDbl(color->c[0]) + 0.5) * n;
-  if (likely(idx + n < (indexHigh + 1) * base->getNComps())) {
+  if (likely((idx + n < (indexHigh + 1) * base->getNComps()) && idx >= 0)) {
     p = &lookup[idx];
     for (i = 0; i < n; ++i) {
       baseColor->c[i] = dblToCol(low[i] + (p[i] / 255.0) * range[i]);
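Review bot: The upper bound on the changed line looks off by one: for the last palette entry `idx` is `indexHigh * n`, so `idx + n` equals `(indexHigh + 1) * n` and the strict `<` rejects it, even though that entry lies wholly inside a table of `(indexHigh + 1) * n` bytes (assuming `lookup` is sized that way; its allocation is outside the hunk). Testing the sign first and using the `n` already read two lines above gives `if (likely(idx >= 0 && idx + n <= (indexHigh + 1) * n)) {`. The else branch and the rest of the function are outside the hunk.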
commit 8947c6bc1dcb768b9d9c03a7a5db1573abdc2e87
Author: Albert Astals Cid <aacid at kde.org>
Date:   Wed Mar 26 00:47:59 2014 +0100

    Forgot my (C) in the last commit

diff --git a/poppler/TextOutputDev.cc b/poppler/TextOutputDev.cc
index 7bf7012..4b7ff40 100644
--- a/poppler/TextOutputDev.cc
+++ b/poppler/TextOutputDev.cc
@@ -20,7 +20,7 @@
 // Copyright (C) 2006 Jeff Muizelaar <jeff at infidigm.net>
 // Copyright (C) 2007, 2008, 2012 Adrian Johnson <ajohnson at redneon.com>
 // Copyright (C) 2008 Koji Otani <sho at bbr.jp>
-// Copyright (C) 2008, 2010-2012 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2008, 2010-2012, 2014 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2008 Pino Toscano <pino at kde.org>
 // Copyright (C) 2008, 2010 Hib Eris <hib at hiberis.nl>
 // Copyright (C) 2009 Ross Moore <ross at maths.mq.edu.au>

