[poppler] splash/SplashPath.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Aug 30 16:56:28 UTC 2018
splash/SplashPath.cc | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
New commits:
commit 23d570a6f47bc9bc7bf0bcb5dd561885c9a2c55a
Author: Albert Astals Cid <aacid at kde.org>
Date: Thu Aug 30 18:54:55 2018 +0200
SplashPath: Check for overflow
fixes oss-fuzz/10120
diff --git a/splash/SplashPath.cc b/splash/SplashPath.cc
index 5a333161..d77fd03b 100644
--- a/splash/SplashPath.cc
+++ b/splash/SplashPath.cc
@@ -12,6 +12,7 @@
// under GPL version 2 or later
//
// Copyright (C) 2018 Stefan BrĂ¼ns <stefan.bruens at rwth-aachen.de>
+// Copyright (C) 2018 Albert Astals Cid <aacid at kde.org>
//
// To see a description of the changes please see the Changelog file that
// came with your tarball or type make ChangeLog if you are building from git
@@ -26,6 +27,7 @@
#include <string.h>
#include "goo/gmem.h"
+#include "goo/GooLikely.h"
#include "SplashErrorCodes.h"
#include "SplashPath.h"
@@ -89,8 +91,11 @@ void SplashPath::grow(int nPts) {
while (size < length + nPts) {
size *= 2;
}
- pts = (SplashPathPoint *)greallocn(pts, size, sizeof(SplashPathPoint));
- flags = (Guchar *)greallocn(flags, size, sizeof(Guchar));
+ pts = (SplashPathPoint *)greallocn_checkoverflow(pts, size, sizeof(SplashPathPoint));
+ flags = (Guchar *)greallocn_checkoverflow(flags, size, sizeof(Guchar));
+ if (unlikely(!pts || !flags)) {
+ length = size = 0;
+ }
}
}
@@ -111,6 +116,8 @@ SplashError SplashPath::moveTo(SplashCoord x, SplashCoord y) {
return splashErrBogusPath;
}
grow(1);
+ if (unlikely(length == 0))
+ return splashErrBogusPath;
pts[length].x = x;
pts[length].y = y;
flags[length] = splashPathFirst | splashPathLast;
More information about the poppler
mailing list