[poppler] splash/Splash.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Wed Dec 2 00:02:10 UTC 2020
splash/Splash.cc | 8 ++++++++
1 file changed, 8 insertions(+)
New commits:
commit ac5c7c1c7621bd64ebc0b1382d938d9ff727c8e9
Author: Albert Astals Cid <aacid at kde.org>
Date: Wed Dec 2 00:56:38 2020 +0100
Prevent undefined storing of a too small float in an integer
oss-fuzz/25488
diff --git a/splash/Splash.cc b/splash/Splash.cc
index 11393ce7..b3ed3d6f 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -2829,6 +2829,14 @@ void Splash::arbitraryTransformMask(SplashImageMaskSource src, void *srcData, in
vx[3] = mat[0] + mat[4];
vy[3] = mat[1] + mat[5];
+ // make sure cx/vy fit in integers since we're transforming them to in the next lines
+ for (i = 0; i < 4; ++i) {
+ if (unlikely(vx[i] < INT_MIN || vx[i] > INT_MAX || vy[i] < INT_MIN || vy[i] > INT_MAX)) {
+ error(errInternal, -1, "arbitraryTransformMask vertices values don't fit in an integer");
+ return;
+ }
+ }
+
// clipping
xMin = imgCoordMungeLowerC(vx[0], glyphMode);
xMax = imgCoordMungeUpperC(vx[0], glyphMode);
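Review bot: The new range check in the `for (i = 0; i < 4; ++i)` loop does not reject NaN, because every ordered comparison against NaN is false, so a NaN vertex (for example from a NaN entry in `mat`) would pass the guard and still reach the float-to-int conversions in the `imgCoordMunge*` calls below. Writing the test in its negated form catches both cases: `if (unlikely(!(vx[i] >= INT_MIN && vx[i] <= INT_MAX && vy[i] >= INT_MIN && vy[i] <= INT_MAX))) {`. Values exactly at `INT_MIN`/`INT_MAX` are accepted; the bodies of `imgCoordMungeLowerC`/`imgCoordMungeUpperC` are not visible in this hunk, but if they round or add an offset after converting, the bound probably needs some headroom, so that is worth confirming. The added comment says `cx/vy` where it presumably means `vx/vy` and is missing a word, e.g. `// make sure vx/vy fit in integers since we're converting them to int in the next lines`. The body of `arbitraryTransformMask` starts and ends outside this hunk.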