[poppler] 2 commits - splash/SplashFont.cc splash/SplashXPathScanner.cc

Albert Astals Cid aacid at kemper.freedesktop.org
Thu Mar 27 15:56:41 PDT 2014


 splash/SplashFont.cc         |   13 +++++++++----
 splash/SplashXPathScanner.cc |    4 ++--
 2 files changed, 11 insertions(+), 6 deletions(-)

New commits:
commit 5055479634dc8d0cd5afb3373de600fb121357fe
Author: Albert Astals Cid <aacid at kde.org>
Date:   Thu Mar 27 23:54:20 2014 +0100

    Fix error reported by ASAN in 2010.asan.0.1506.pdf
    
    ==18859== ERROR: AddressSanitizer: unknown-crash on address 0x7f1e4a6beb50 at pc 0x7f1e5557444d bp 0x7fff6af3c340 sp 0x7fff6af3bb00
    WRITE of size 442216446 at 0x7f1e4a6beb50 thread T0
        #0 0x7f1e5557444c (/usr/lib/x86_64-linux-gnu/libasan.so.0+0xe44c)
        #1 0x7f1e550e04ff in SplashFont::getGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) /home/tsdgeos/devel/poppler/splash/SplashFont.cc:206
        #2 0x7f1e550d9c69 in SplashFTFont::getGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) /home/tsdgeos/devel/poppler/splash/SplashFTFont.cc:233
        #3 0x7f1e550a5368 in Splash::fillChar(double, double, int, SplashFont*) /home/tsdgeos/devel/poppler/splash/Splash.cc:2714
        #4 0x7f1e55078a20 in SplashOutputDev::drawChar(GfxState*, double, double, double, double, double, double, unsigned int, int, unsigned int*, int) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:2270
        #5 0x7f1e54ed9599 in Gfx::doShowText(GooString*) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4054
        #6 0x7f1e54ed6db0 in Gfx::opShowSpaceText(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:3886
        #7 0x7f1e54eb533a in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
        #8 0x7f1e54eb450f in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
        #9 0x7f1e54eb4163 in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
        #10 0x7f1e54f96dd1 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
        #11 0x7f1e54f9e2fd in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
        #12 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
        #13 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
        #14 0x7f1e545beec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
        #15 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)

diff --git a/splash/SplashFont.cc b/splash/SplashFont.cc
index 2bfcdc8..3d6d6b2 100644
--- a/splash/SplashFont.cc
+++ b/splash/SplashFont.cc
@@ -11,7 +11,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2007-2008, 2010 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2007-2008, 2010, 2014 Albert Astals Cid <aacid at kde.org>
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git
@@ -24,6 +24,7 @@
 #pragma implementation
 #endif
 
+#include <limits.h>
 #include <string.h>
 #include "goo/gmem.h"
 #include "SplashMath.h"
@@ -71,10 +72,14 @@ void SplashFont::initCache() {
   // deal with rounding errors
   glyphW = xMax - xMin + 3;
   glyphH = yMax - yMin + 3;
-  if (aa) {
-    glyphSize = glyphW * glyphH;
+  if (glyphW > INT_MAX / glyphH) {
+    glyphSize = -1;
   } else {
-    glyphSize = ((glyphW + 7) >> 3) * glyphH;
+    if (aa) {
+      glyphSize = glyphW * glyphH;
+    } else {
+      glyphSize = ((glyphW + 7) >> 3) * glyphH;
+    }
   }
 
   // set up the glyph pixmap cache
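Review bot: The new guard `glyphW > INT_MAX / glyphH` in initCache divides by glyphH without first checking that it is positive, so a zero height traps on the division, and a negative width paired with a positive height still reaches the multiplications in the else branch. Both values are computed just above as `xMax - xMin + 3` and `yMax - yMin + 3`, and the bounding box presumably comes from font data in the document being rendered, so the test should reject non-positive dimensions too: `if (glyphW <= 0 || glyphH <= 0 || glyphW > INT_MAX / glyphH) {`. The sentinel deserves a one-line comment such as `// glyphW * glyphH would overflow int; -1 marks the size as invalid`. The cache set-up that consumes glyphSize lies below the hunk, so confirm that it and the getGlyph write shown in the ASAN trace treat a negative glyphSize as "no cache" rather than using it as an allocation size or copy length.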
commit 3e7779935ec2610410bc4a42e9b0174e41ca9672
Author: Albert Astals Cid <aacid at kde.org>
Date:   Thu Mar 27 16:49:57 2014 +0100

    Fix error reported by ASAN in 139.asan.0.581.pdf
    
    ==15244== ERROR: AddressSanitizer: SEGV on unknown address 0x605df000f3ee (pc 0x7f1087b3a22e sp 0x7fffec30ff20 bp 0x7fffec30ff80 T0)
    AddressSanitizer can not provide additional info.
        #0 0x7f1087b3a22d (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x48f22d)
        #1 0x7f1087b19d92 (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x46ed92)
        #2 0x7f1087ae570b (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x43a70b)
        #3 0x7f1087ae4061 (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x439061)
        #4 0x7f1087ab9b38 (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x40eb38)
        #5 0x7f1087900989 (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x255989)
        #6 0x7f10878f733a (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x24c33a)
        #7 0x7f10878f650f (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x24b50f)
        #8 0x7f10878f6163 (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x24b163)
        #9 0x7f10879d8dd1 (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x32ddd1)
        #10 0x7f10879e02fd (/home/tsdgeos/devel/poppler/build-debug/libpoppler.so.46.0.0+0x3352fd)
        #11 0x40311e (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x40311e)
        #12 0x404416 (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x404416)
        #13 0x7f1087000ec4 (/lib/x86_64-linux-gnu/libc-2.19.so+0x21ec4)
        #14 0x401d58 (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)

diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc
index 0fd5ccd..52ac1c2 100644
--- a/splash/SplashXPathScanner.cc
+++ b/splash/SplashXPathScanner.cc
@@ -11,7 +11,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2008, 2010 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2008, 2010, 2014 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2010 Paweł Wiejacha <pawel.wiejacha at gmail.com>
 // Copyright (C) 2013 Thomas Freitag <Thomas.Freitag at alfa.de>
 //
@@ -514,7 +514,7 @@ void SplashXPathScanner::clipAALine(SplashBitmap *aaBuf,
     xx0 = (*x1 + 1) * splashAASize;
     if (xx0 > aaBuf->getWidth()) xx0 = aaBuf->getWidth();
     // set [xx, xx0) to 0
-    if (xx < xx0) {
+    if (xx < xx0 && xx >= 0) {
       p = aaBuf->getDataPtr() + yy * aaBuf->getRowSize() + (xx >> 3);
       if (xx & 7) {
 	mask = (Guchar)(0xff00 >> (xx & 7));
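Review bot: When xx is negative the added `xx >= 0` test skips the whole clear, so the in-range bits [0, xx0) of this row stay set instead of being zeroed as the comment `set [xx, xx0) to 0` promises. That avoids the out-of-bounds pointer computed from `(xx >> 3)`, but it may leave pixels outside the clip unmasked; clamping before the test keeps both properties: `if (xx < 0) xx = 0;` followed by the original `if (xx < xx0) {`. clipAALine starts and ends outside the hunk, so where xx is assigned and whether yy is bounded against the buffer height cannot be checked from here; if other clearing blocks in the function index aaBuf the same way, they need the same lower bound.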

