[poppler] splash/Splash.cc splash/SplashPath.cc

Albert Astals Cid aacid at kde.org
Sun Sep 6 08:44:29 UTC 2020


On Sunday, 6 September 2020, at 3:47:51 CEST, William Bader wrote:
> Should tests for != splashOk be wrapped in unlikely()?

I guess it wouldn't hurt, OTOH last time I checked unlikely wasn't really helping much, seems the compiler guesses most of the time which is the normal path and the error path, but if you want to propose some patches I think we can accept them, sometimes unlikely even helps the reader realize "this is really really something that 'never' happens".

Cheers,
  Albert

> 
> ________________________________
> From: poppler <poppler-bounces at lists.freedesktop.org> on behalf of GitLab Mirror <gitlab-mirror at kemper.freedesktop.org>
> Sent: Saturday, September 5, 2020 3:41 PM
> To: poppler at lists.freedesktop.org <poppler at lists.freedesktop.org>
> Subject: [poppler] splash/Splash.cc splash/SplashPath.cc
> 
> splash/Splash.cc     |    4 +++-
>  splash/SplashPath.cc |   10 ++++++++--
>  2 files changed, 11 insertions(+), 3 deletions(-)
> 
> New commits:
> commit c47713528f770ac89c90d662aae72c7e48c9497b
> Author: Albert Astals Cid <aacid at kde.org>
> Date:   Sat Sep 5 21:26:37 2020 +0200
> 
>     addStrokeAdjustHint(): fix crash in out-of-memory situation.
> 
>     Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25411
> 
>         #0 0xf7ef8f19 in [vdso]
>         #1 0xf7ccdd08 in gsignal (/lib32/libc.so.6+0x2bd08)
>         #2 0xf7ccf206 in abort (/lib32/libc.so.6+0x2d206)
>         #3 0xbdb9c2e in grealloc(void*, unsigned int, bool) gdal/poppler/goo/gmem.h:85:5
>         #4 0xbdd9e11 in greallocn(void*, int, int, bool, bool) gdal/poppler/goo/gmem.h:171:12
>         #5 0xc012373 in SplashPath::addStrokeAdjustHint(int, int, int, int) gdal/poppler/splash/SplashPath.cc:211:35
>         #6 0xbfd156f in Splash::makeStrokePath(SplashPath*, double, bool) gdal/poppler/splash/Splash.cc:5987:34
>         #7 0xbfcaec2 in Splash::strokeWide(SplashPath*, double) gdal/poppler/splash/Splash.cc:2028:13
>         #8 0xbfc8a4d in Splash::stroke(SplashPath*) /src/gdal/poppler/splash/Splash.cc
> 
>     Based on patch by Even Rouault
> 
> diff --git a/splash/Splash.cc b/splash/Splash.cc
> index a020c749..584e65c7 100644
> --- a/splash/Splash.cc
> +++ b/splash/Splash.cc
> @@ -5844,7 +5844,9 @@ SplashPath *Splash::makeStrokePath(SplashPath *path, SplashCoord w, bool flatten
>          wdy = (SplashCoord)0.5 * w * dy;
> 
>          // draw the start cap
> -        pathOut->moveTo(pathIn->pts[i0].x - wdy, pathIn->pts[i0].y + wdx);
> +        if (pathOut->moveTo(pathIn->pts[i0].x - wdy, pathIn->pts[i0].y + wdx) != splashOk) {
> +            break;
> +        }
>          if (i0 == subpathStart0) {
>              firstPt = pathOut->length - 1;
>          }
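
Review bot: The `break` taken when the start-cap `moveTo` fails discards the SplashError, and nothing in this hunk tells the caller of makeStrokePath() that the stroke path it gets back is incomplete. Either record the failure so it can be reported after the loop, or add a comment at the `break` stating that a truncated pathOut is the intended result on allocation failure. The commit message only mentions addStrokeAdjustHint(), so it should also say why this moveTo() check is part of the same fix.
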
> diff --git a/splash/SplashPath.cc b/splash/SplashPath.cc
> index 33216cfb..7c7e8523 100644
> --- a/splash/SplashPath.cc
> +++ b/splash/SplashPath.cc
> @@ -196,7 +196,10 @@ SplashError SplashPath::close(bool force)
>          return splashErrNoCurPt;
>      }
>      if (force || curSubpath == length - 1 || pts[length - 1].x != pts[curSubpath].x || pts[length - 1].y != pts[curSubpath].y) {
> -        lineTo(pts[curSubpath].x, pts[curSubpath].y);
> +        const auto lineToStatus = lineTo(pts[curSubpath].x, pts[curSubpath].y);
> +        if (lineToStatus != splashOk) {
> +            return lineToStatus;
> +        }
>      }
>      flags[curSubpath] |= splashPathClosed;
>      flags[length - 1] |= splashPathClosed;
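
Review bot: With the early `return lineToStatus;` in close(), a failed lineTo() now leaves the subpath without the splashPathClosed flags set below, so callers that ignore the return value of close() will carry on with an open subpath. Existing call sites should be checked in the same change to make sure they test for `!= splashOk`. As a style point, `const SplashError lineToStatus` would read more clearly than `const auto` here, since the function itself returns SplashError.
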
> @@ -208,7 +211,10 @@ void SplashPath::addStrokeAdjustHint(int ctrl0, int ctrl1, int firstPt, int last
>  {
>      if (hintsLength == hintsSize) {
>          hintsSize = hintsLength ? 2 * hintsLength : 8;
> -        hints = (SplashPathHint *)greallocn(hints, hintsSize, sizeof(SplashPathHint));
> +        hints = (SplashPathHint *)greallocn_checkoverflow(hints, hintsSize, sizeof(SplashPathHint));
> +    }
> +    if (unlikely(!hints)) {
> +        return;
>      }
>      hints[hintsLength].ctrl0 = ctrl0;
>      hints[hintsLength].ctrl1 = ctrl1;
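
Review bot: In addStrokeAdjustHint(), hintsSize is doubled before the allocation and `hints` is overwritten with its result, so after a failure the object is left with `hints == nullptr` while hintsLength and hintsSize are still non-zero. Any code that later walks hints[0..hintsLength) would then dereference null, and if greallocn_checkoverflow() does not free the old block on failure, the previous array is leaked by the overwrite. Suggest allocating into a temporary, committing the new pointer and hintsSize only on success, and on failure setting hintsLength and hintsSize to 0 before the `return`. The function still returns void, so the dropped hint is silent for makeStrokePath(); a short comment saying that is acceptable would help.
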