[poppler] poppler/SplashOutputDev.cc

[Albert Astals Cid]

 poppler/SplashOutputDev.cc |   10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

New commits:
commit f966b9096d046aaee4891de11f74207218cc929b
Author: Albert Astals Cid <aacid at kde.org>
Date:   Thu May 24 23:58:41 2018 +0200

    SplashOutputDev::drawSoftMaskedImage: Fix uninitialized memory read
    
    It can happen that maskStr->doGetChars doesn't give us the number
    of chars we wanted, if that happens just set the remainder to zero

diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
index a7d035ce..00486d9c 100644
--- a/poppler/SplashOutputDev.cc
+++ b/poppler/SplashOutputDev.cc
@@ -3988,11 +3988,15 @@ void SplashOutputDev::drawSoftMaskedImage(GfxState *state, Object *ref,
   //----- set up the soft mask
 
   if (maskColorMap->getMatteColor() != nullptr) {
-    Guchar *data = (Guchar *) gmalloc(maskWidth * maskHeight);
+    const int maskChars = maskWidth * maskHeight;
+    Guchar *data = (Guchar *) gmalloc(maskChars);
     maskStr->reset();
-    maskStr->doGetChars(maskWidth * maskHeight, data);
+    const int readChars = maskStr->doGetChars(maskChars, data);
+    if (unlikely(readChars < maskChars)) {
+      memset(&data[readChars], 0, maskChars - readChars);
+    }
     maskStr->close();
-    maskStr = new AutoFreeMemStream((char *)data, 0, maskWidth * maskHeight, maskStr->getDictObject()->copy());
+    maskStr = new AutoFreeMemStream((char *)data, 0, maskChars, maskStr->getDictObject()->copy());
   }
   imgMaskData.imgStr = new ImageStream(maskStr, maskWidth,
 				       maskColorMap->getNumPixelComps(),