[poppler] poppler/GfxState.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Thu Jul 4 09:16:06 UTC 2019
poppler/GfxState.cc | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
New commits:
commit 37659c01087eb8b25a5a593268f1acf52e6624f7
Author: Albert Astals Cid <aacid at kde.org>
Date: Thu Jul 4 11:06:24 2019 +0200
Account for verticesA possible overflow in GfxGouraudTriangleShading::parse
fixes oss-fuzz file abort
diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index a562a6ce..33d2aaf4 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4877,7 +4877,13 @@ GfxGouraudTriangleShading *GfxGouraudTriangleShading::parse(GfxResources *res, i
int oldVertSize = vertSize;
vertSize = (vertSize == 0) ? 16 : 2 * vertSize;
verticesA = (GfxGouraudVertex *)
- greallocn(verticesA, vertSize, sizeof(GfxGouraudVertex));
+ greallocn_checkoverflow(verticesA, vertSize, sizeof(GfxGouraudVertex));
+ if (unlikely(!verticesA)) {
+ error(errSyntaxWarning, -1, "GfxGouraudTriangleShading::parse: vertices size overflow");
+ gfree(trianglesA);
+ delete bitBuf;
+ return nullptr;
+ }
memset(verticesA + oldVertSize, 0, (vertSize - oldVertSize) * sizeof(GfxGouraudVertex));
}
verticesA[nVerticesA].x = xMin + xMul * (double)x;
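Review bot: The new failure branch frees `trianglesA` and `bitBuf`, but the previous vertex buffer is no longer reachable once `verticesA` has been overwritten with the null result, so it leaks unless `greallocn_checkoverflow` releases its input on failure. That helper is not visible in this hunk and should be confirmed. If it does free the input, a comment above the branch such as `// greallocn_checkoverflow frees the old buffer on failure; only trianglesA and bitBuf are left to release` would stop a later reader from adding a double `gfree`. If it does not, keep the old pointer in a temporary and `gfree` it in this branch. Separately, `vertSize = 2 * vertSize` is still a plain `int` doubling that runs before the checked call, so the guard depends on the size check rejecting the product before `vertSize` itself can wrap. The body of `parse` starts and ends outside the hunk, so any other resources acquired earlier in the function could not be checked against this early return.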