[poppler] splash/SplashPath.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Fri Aug 31 20:06:10 UTC 2018
splash/SplashPath.cc | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
New commits:
commit bb078cbd88252e421d14747b98c5c71062cf7571
Author: Adam Reichold <adam.reichold at t-online.de>
Date: Fri Aug 31 20:18:23 2018 +0200
Always check for allocation failure after calling SplashPath::grow and also set curSubpath to zero so that noCurrentPoint applies after allocation failure. oss-fuzz/10148
diff --git a/splash/SplashPath.cc b/splash/SplashPath.cc
index 188279e8..1de0dc97 100644
--- a/splash/SplashPath.cc
+++ b/splash/SplashPath.cc
@@ -111,7 +111,7 @@ void SplashPath::grow(int nPts) {
pts = (SplashPathPoint *)greallocn_checkoverflow(pts, size, sizeof(SplashPathPoint));
flags = (Guchar *)greallocn_checkoverflow(flags, size, sizeof(Guchar));
if (unlikely(!pts || !flags)) {
- length = size = 0;
+ length = size = curSubpath = 0;
}
}
}
@@ -119,8 +119,11 @@ void SplashPath::grow(int nPts) {
void SplashPath::append(SplashPath *path) {
int i;
- curSubpath = length + path->curSubpath;
grow(path->length);
+ if (unlikely(size == 0))
+ return;
+
+ curSubpath = length + path->curSubpath;
for (i = 0; i < path->length; ++i) {
pts[length] = path->pts[i];
flags[length] = path->flags[i];
@@ -148,6 +151,8 @@ SplashError SplashPath::lineTo(SplashCoord x, SplashCoord y) {
}
flags[length-1] &= ~splashPathLast;
grow(1);
+ if (unlikely(size == 0))
+ return splashErrBogusPath;
pts[length].x = x;
pts[length].y = y;
flags[length] = splashPathLast;
@@ -163,6 +168,8 @@ SplashError SplashPath::curveTo(SplashCoord x1, SplashCoord y1,
}
flags[length-1] &= ~splashPathLast;
grow(3);
+ if (unlikely(size == 0))
+ return splashErrBogusPath;
pts[length].x = x1;
pts[length].y = y1;
flags[length] = splashPathCurve;
More information about the poppler
mailing list