[poppler] 2 commits - poppler/Function.cc poppler/GfxState.cc

Albert Astals Cid aacid at kemper.freedesktop.org
Mon Jun 19 21:37:29 UTC 2017 

Rebased ref, commits from common ancestor:
commit adf535d60666ce6da34fa161d4ad610b47f2aa9f
Author: Albert Astals Cid <aacid at kde.org>
Date:   Mon Jun 19 23:35:29 2017 +0200

    Fix crash on malformed files
    
    Bug #101502

diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index b17925f4..e6cd329b 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4036,6 +4036,12 @@ void GfxUnivariateShading::getColor(double t, GfxColor *color) {
   double out[gfxColorMaxComps];
   int i, nComps;
 
+  if (unlikely(nFuncs < 1)) {
+    for (int i = 0; i < gfxColorMaxComps; i++)
+        color->c[i] = 0;
+    return;
+  }
+
   // NB: there can be one function with n outputs or n functions with
   // one output each (where n = number of color components)
   nComps = nFuncs * funcs[0]->getOutputSize();
@@ -4089,6 +4095,9 @@ void GfxUnivariateShading::setupCache(const Matrix *ctm,
   cacheBounds = NULL;
   cacheSize = 0;
 
+  if (unlikely(nFuncs < 1))
+    return;
+
   // NB: there can be one function with n outputs or n functions with
   // one output each (where n = number of color components)
   nComps = nFuncs * funcs[0]->getOutputSize();
commit 3ba76d095418402ac6a29ebe8bf5567c19bfa41f
Author: Albert Astals Cid <aacid at kde.org>
Date:   Mon Jun 19 23:18:51 2017 +0200

    Fix crash on malformed files
    
    Bug #101500

diff --git a/poppler/Function.cc b/poppler/Function.cc
index 7f359b8e..785933df 100644
--- a/poppler/Function.cc
+++ b/poppler/Function.cc
@@ -13,7 +13,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2006, 2008-2010, 2013-2015 Albert Astals Cid <aacid at kde.org>
+// Copyright (C) 2006, 2008-2010, 2013-2015, 2017 Albert Astals Cid <aacid at kde.org>
 // Copyright (C) 2006 Jeff Muizelaar <jeff at infidigm.net>
 // Copyright (C) 2010 Christian Feuersänger <cfeuersaenger at googlemail.com>
 // Copyright (C) 2011 Andrea Canciani <ranma42 at gmail.com>
@@ -1623,7 +1623,9 @@ void PostScriptFunction::exec(PSStack *stack, int codePtr) {
       case psOpIdiv:
 	i2 = stack->popInt();
 	i1 = stack->popInt();
-	stack->pushInt(i1 / i2);
+	if (likely(i2 != 0)) {
+	  stack->pushInt(i1 / i2);
+	}
 	break;
       case psOpIndex:
 	stack->index(stack->popInt());
@@ -1659,7 +1661,9 @@ void PostScriptFunction::exec(PSStack *stack, int codePtr) {
       case psOpMod:
 	i2 = stack->popInt();
 	i1 = stack->popInt();
-	stack->pushInt(i1 % i2);
+	if (likely(i2 != 0)) {
+	  stack->pushInt(i1 % i2);
+	}
 	break;
       case psOpMul:
 	if (stack->topTwoAreInts()) {

More information about the poppler mailing list