[poppler] poppler/GfxState.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Wed Jan 10 23:28:22 UTC 2018
poppler/GfxState.cc | 18 ++++++++++++------
1 file changed, 12 insertions(+), 6 deletions(-)
New commits:
commit 10831921281f75b4b2c05ab85f4093331788e6a8
Author: Albert Astals Cid <aacid at kde.org>
Date: Thu Jan 11 00:27:50 2018 +0100
GfxGouraudTriangleShading::parse: Don't abort on malformed documents
Bug #104567
diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index 7b241421..360c599f 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4787,18 +4787,24 @@ GfxGouraudTriangleShading *GfxGouraudTriangleShading::parse(GfxResources *res, i
obj1 = dict->lookup("Decode");
if (obj1.isArray() && obj1.arrayGetLength() >= 6) {
Object obj2;
- xMin = (obj2 = obj1.arrayGet(0), obj2.getNum());
- xMax = (obj2 = obj1.arrayGet(1), obj2.getNum());
+ bool decodeOk = true;
+ xMin = (obj2 = obj1.arrayGet(0), obj2.getNum(&decodeOk));
+ xMax = (obj2 = obj1.arrayGet(1), obj2.getNum(&decodeOk));
xMul = (xMax - xMin) / (pow(2.0, coordBits) - 1);
- yMin = (obj2 = obj1.arrayGet(2), obj2.getNum());
- yMax = (obj2 = obj1.arrayGet(3), obj2.getNum());
+ yMin = (obj2 = obj1.arrayGet(2), obj2.getNum(&decodeOk));
+ yMax = (obj2 = obj1.arrayGet(3), obj2.getNum(&decodeOk));
yMul = (yMax - yMin) / (pow(2.0, coordBits) - 1);
for (i = 0; 5 + 2*i < obj1.arrayGetLength() && i < gfxColorMaxComps; ++i) {
- cMin[i] = (obj2 = obj1.arrayGet(4 + 2*i), obj2.getNum());
- cMax[i] = (obj2 = obj1.arrayGet(5 + 2*i), obj2.getNum());
+ cMin[i] = (obj2 = obj1.arrayGet(4 + 2*i), obj2.getNum(&decodeOk));
+ cMax[i] = (obj2 = obj1.arrayGet(5 + 2*i), obj2.getNum(&decodeOk));
cMul[i] = (cMax[i] - cMin[i]) / (double)((1 << compBits) - 1);
}
nComps = i;
+
+ if (!decodeOk) {
+ error(errSyntaxWarning, -1, "Missing or invalid Decode array in shading dictionary");
+ return nullptr;
+ }
} else {
error(errSyntaxWarning, -1, "Missing or invalid Decode array in shading dictionary");
return nullptr;
More information about the poppler
mailing list