[poppler] poppler/SplashOutputDev.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Fri May 25 14:42:16 UTC 2018
poppler/SplashOutputDev.cc | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
New commits:
commit c75500bf6b2af4b9a26467ce55d1f2879e916b79
Author: Albert Astals Cid <aacid at kde.org>
Date: Fri May 25 16:41:36 2018 +0200
T3FontCache: change the order in which the overflow checks are done
fixes oss-fuzz/8479
diff --git a/poppler/SplashOutputDev.cc b/poppler/SplashOutputDev.cc
index 00486d9c..e70f920f 100644
--- a/poppler/SplashOutputDev.cc
+++ b/poppler/SplashOutputDev.cc
@@ -1256,7 +1256,6 @@ T3FontCache::T3FontCache(const Ref *fontIDA, double m11A, double m12A,
double m21A, double m22A,
int glyphXA, int glyphYA, int glyphWA, int glyphHA,
GBool validBBoxA, GBool aa) {
- int i;
fontID = *fontIDA;
m11 = m11A;
@@ -1270,8 +1269,7 @@ T3FontCache::T3FontCache(const Ref *fontIDA, double m11A, double m12A,
validBBox = validBBoxA;
// sanity check for excessively large glyphs (which most likely
// indicate an incorrect BBox)
- i = glyphW * glyphH;
- if (i > 100000 || glyphW > INT_MAX / glyphH || glyphW <= 0 || glyphH <= 0) {
+ if (glyphW > INT_MAX / glyphH || glyphW <= 0 || glyphH <= 0 || glyphW * glyphH > 100000) {
glyphW = glyphH = 100;
validBBox = gFalse;
}
@@ -1298,7 +1296,7 @@ T3FontCache::T3FontCache(const Ref *fontIDA, double m11A, double m12A,
{
cacheTags = (T3FontCacheTag *)gmallocn(cacheSets * cacheAssoc,
sizeof(T3FontCacheTag));
- for (i = 0; i < cacheSets * cacheAssoc; ++i) {
+ for (int i = 0; i < cacheSets * cacheAssoc; ++i) {
cacheTags[i].mru = i & (cacheAssoc - 1);
}
}
More information about the poppler
mailing list