[poppler] 3 commits - poppler/Gfx.cc poppler/Stream.cc

GitLab Mirror gitlab-mirror at kemper.freedesktop.org
Fri Jan 15 18:17:42 UTC 2021 

 poppler/Gfx.cc    |    5 +++--
 poppler/Stream.cc |    2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

New commits:
commit 4becde57a2fdfd095e400dd9ef64e64d5e94f858
Author: Albert Astals Cid <aacid at kde.org>
Date:   Fri Jan 15 16:08:15 2021 +0100

    CCITTFaxStream: Fix uninitialized memory read in broken files
    
    oss-fuzz/8795

diff --git a/poppler/Stream.cc b/poppler/Stream.cc
index 666d5b2a..a1c8b094 100644
--- a/poppler/Stream.cc
+++ b/poppler/Stream.cc
@@ -1893,7 +1893,7 @@ inline void CCITTFaxStream::addPixelsNeg(int a1, int blackPixels)
         if (a1 < 0) {
             error(errSyntaxError, getPos(), "Invalid CCITTFax code");
             err = true;
-            a1 = 0;
+            a1 = columns;
         }
         while (a0i > 0 && a1 <= codingLine[a0i - 1]) {
             --a0i;
commit c0f34e983761b15e2c9d5fa6628f26fa7d362548
Author: Albert Astals Cid <aacid at kde.org>
Date:   Fri Jan 15 16:04:46 2021 +0100

    Relax the check in Gfx::opSetFillGray

diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
index 44575569..34a02d53 100644
--- a/poppler/Gfx.cc
+++ b/poppler/Gfx.cc
@@ -1310,7 +1310,7 @@ void Gfx::opSetFillGray(Object args[], int numArgs)
     if (!obj.isNull()) {
         colorSpace = GfxColorSpace::parse(res, &obj, out, state);
     }
-    if (colorSpace == nullptr || colorSpace->getNComps() != 1) {
+    if (colorSpace == nullptr || colorSpace->getNComps() > 1) {
         delete colorSpace;
         colorSpace = state->copyDefaultGrayColorSpace();
     }
commit 548fe49fa53ff0ff63bc1a437ab04908f866cb87
Author: Albert Astals Cid <aacid at kde.org>
Date:   Fri Jan 15 16:01:01 2021 +0100

    Gfx::opSetFillRGBColor: Fix uninitialized memory read in bad files
    
    Make sure colorspace doesn't need more comps than we have
    
    oss-fuzz/29522

diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
index 694538cf..44575569 100644
--- a/poppler/Gfx.cc
+++ b/poppler/Gfx.cc
@@ -1398,7 +1398,8 @@ void Gfx::opSetFillRGBColor(Object args[], int numArgs)
     if (!obj.isNull()) {
         colorSpace = GfxColorSpace::parse(res, &obj, out, state);
     }
-    if (colorSpace == nullptr) {
+    if (colorSpace == nullptr || colorSpace->getNComps() > 3) {
+        delete colorSpace;
         colorSpace = state->copyDefaultRGBColorSpace();
     }
     state->setFillColorSpace(colorSpace);

More information about the poppler mailing list