[poppler] poppler/PSOutputDev.cc
GitLab Mirror
gitlab-mirror at kemper.freedesktop.org
Sun Jan 3 18:26:43 UTC 2021
poppler/PSOutputDev.cc | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
New commits:
commit bc6acbfff6afa7d720abe7f79abe02e5a6591ef4
Author: Albert Astals Cid <aacid at kde.org>
Date: Sun Jan 3 19:20:45 2021 +0100
PSOutputDev: fix a few integer overflows
Now that we have oss-fuzz coverage i guess more will be coming soon ^_^
oss-fuzz/29199
diff --git a/poppler/PSOutputDev.cc b/poppler/PSOutputDev.cc
index e97cb501..19c1960f 100644
--- a/poppler/PSOutputDev.cc
+++ b/poppler/PSOutputDev.cc
@@ -1185,7 +1185,11 @@ static const StandardMedia standardMedia[] = { { "A0", 2384, 3371 }, { "A1"
/* PLRM specifies a tolerance of 5 points when matching page sizes */
static bool pageDimensionEqual(int a, int b)
{
- return (abs(a - b) < 5);
+ int aux;
+ if (unlikely(checkedSubtraction(a, b, &aux))) {
+ return false;
+ }
+ return (abs(aux) < 5);
}
// Shared initialization of PSOutputDev members.
@@ -3676,7 +3680,10 @@ void PSOutputDev::startPage(int pageNum, GfxState *state, XRef *xrefA)
y1 = (int)floor(state->getY1());
x2 = (int)ceil(state->getX2());
y2 = (int)ceil(state->getY2());
- width = x2 - x1;
+ if (unlikely(checkedSubtraction(x2, x1, &width))) {
+ error(errSyntaxError, -1, "width too big");
+ return;
+ }
height = y2 - y1;
tx = ty = 0;
// rotation and portrait/landscape mode
More information about the poppler
mailing list