[poppler] poppler/GfxState.cc
Albert Astals Cid
aacid at kemper.freedesktop.org
Mon May 28 15:46:06 UTC 2018
poppler/GfxState.cc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
New commits:
commit 10a3dc2a9c92349e498ea36bb342b821dcfc9d76
Author: Albert Astals Cid <aacid at kde.org>
Date: Mon May 28 17:44:34 2018 +0200
GfxState.cc: Fix undefined behaviour when compBits is 31
it's a technical issue since according to spec biggest
valid value for compBits is 16, but this is simpler imho
fixes oss-fuzz/8582
diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index d459e73f..0ef42a43 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4828,7 +4828,7 @@ GfxGouraudTriangleShading *GfxGouraudTriangleShading::parse(GfxResources *res, i
for (i = 0; 5 + 2*i < obj1.arrayGetLength() && i < gfxColorMaxComps; ++i) {
cMin[i] = (obj2 = obj1.arrayGet(4 + 2*i), obj2.getNum(&decodeOk));
cMax[i] = (obj2 = obj1.arrayGet(5 + 2*i), obj2.getNum(&decodeOk));
- cMul[i] = (cMax[i] - cMin[i]) / (double)((1 << compBits) - 1);
+ cMul[i] = (cMax[i] - cMin[i]) / (double)((1u << compBits) - 1);
}
nComps = i;
@@ -5173,7 +5173,7 @@ GfxPatchMeshShading *GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
for (i = 0; 5 + 2*i < obj1.arrayGetLength() && i < gfxColorMaxComps; ++i) {
cMin[i] = (obj2 = obj1.arrayGet(4 + 2*i), obj2.getNum(&decodeOk));
cMax[i] = (obj2 = obj1.arrayGet(5 + 2*i), obj2.getNum(&decodeOk));
- cMul[i] = (cMax[i] - cMin[i]) / (double)((1 << compBits) - 1);
+ cMul[i] = (cMax[i] - cMin[i]) / (double)((1u << compBits) - 1);
}
nComps = i;
More information about the poppler
mailing list