Backport of:
From 8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 21 Jun 2017 00:56:38 +0200
Subject: Fix crash in malformed documents
Index: poppler-0.48.0/poppler/GfxState.cc
===================================================================
--- poppler-0.48.0.orig/poppler/GfxState.cc 2017-07-06 08:47:56.293299614 -0400
+++ poppler-0.48.0/poppler/GfxState.cc 2017-07-06 08:51:18.335869121 -0400
@@ -4029,11 +4029,17 @@ GfxUnivariateShading::~GfxUnivariateShad
void GfxUnivariateShading::getColor(double t, GfxColor *color) {
double out[gfxColorMaxComps];
- int i, nComps;
+ int i;
// NB: there can be one function with n outputs or n functions with
// one output each (where n = number of color components)
- nComps = nFuncs * funcs[0]->getOutputSize();
+ const int nComps = nFuncs * funcs[0]->getOutputSize();
+
+ if (unlikely(nFuncs < 1 || nComps > gfxColorMaxComps)) {
+ for (int i = 0; i < gfxColorMaxComps; i++)
+ color->c[i] = 0;
+ return;
+ }
if (cacheSize > 0) {
double x, ix, *l, *u, *upper;
@@ -4084,6 +4090,9 @@ void GfxUnivariateShading::setupCache(co
cacheBounds = NULL;
cacheSize = 0;
+ if (unlikely(nFuncs < 1))
+ return;
+
// NB: there can be one function with n outputs or n functions with
// one output each (where n = number of color components)
nComps = nFuncs * funcs[0]->getOutputSize();
distrib
>
Mageia
>
6
>
armv5tl
>
media
>
core-updates-src
>
by-pkgid
>
2cf5de1e21298837da4a1e7a9cc80c0d
>
files
>
10
