[poppler] splash/Splash.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Thu Jul 19 15:57:14 UTC 2018
splash/Splash.cc | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
New commits:
commit 8bc5acb1c18e77e912b7d9caa7f73e6969d1dede
Author: Albert Astals Cid <aacid at kde.org>
Date: Thu Jul 19 17:55:13 2018 +0200
Splash::arbitraryTransformMask: Set clipRes to splashClipPartial in some if branches
If xx or yy are not in the expected bounds something went wrong so
don't assume we're still inside the valid area for the destination either
fixes oss-fuzz/9382
diff --git a/splash/Splash.cc b/splash/Splash.cc
index 90cdf126..1cd7fb22 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -3270,15 +3270,19 @@ void Splash::arbitraryTransformMask(SplashImageMaskSource src, void *srcData,
((SplashCoord)y + 0.5 - mat[5]) * ir11);
// xx should always be within bounds, but floating point
// inaccuracy can cause problems
- if (xx < 0) {
+ if (unlikely(xx < 0)) {
xx = 0;
- } else if (xx >= scaledWidth) {
+ clipRes2 = splashClipPartial;
+ } else if (unlikely(xx >= scaledWidth)) {
xx = scaledWidth - 1;
+ clipRes2 = splashClipPartial;
}
- if (yy < 0) {
+ if (unlikely(yy < 0)) {
yy = 0;
- } else if (yy >= scaledHeight) {
+ clipRes2 = splashClipPartial;
+ } else if (unlikely(yy >= scaledHeight)) {
yy = scaledHeight - 1;
+ clipRes2 = splashClipPartial;
}
pipe.shape = scaledMask->data[yy * scaledWidth + xx];
if (vectorAntialias && clipRes2 != splashClipAllInside) {
More information about the poppler
mailing list