[prev in list] [next in list] [prev in thread] [next in thread]
List: freedesktop-poppler
Subject: [poppler] splash/Splash.cc
From: gitlab-mirror () kemper ! freedesktop ! org (GitLab Mirror)
Date: 2018-10-29 23:11:42
Message-ID: 20181029231142.40EDB76209 () kemper ! freedesktop ! org
[Download RAW message or body]
splash/Splash.cc | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
New commits:
commit 2d6ba9b1483cd4ae7f90d2f7ddef5a08cc3082a2
Author: Albert Astals Cid <aacid@kde.org>
Date: Tue Oct 30 00:11:06 2018 +0100
Fix crash if document is malformed (too wide)
oss-fuzz/11195
diff --git a/splash/Splash.cc b/splash/Splash.cc
index 7964da39..bce1015b 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -3337,7 +3337,12 @@ void Splash::scaleMaskYdXd(SplashImageMaskSource src, void *srcData,
// allocate buffers
lineBuf = (Guchar *)gmalloc(srcWidth);
- pixBuf = (Guint *)gmallocn(srcWidth, sizeof(int));
+ pixBuf = (Guint *)gmallocn_checkoverflow(srcWidth, sizeof(int));
+ if (unlikely(!pixBuf)) {
+ error(errInternal, -1, "Couldn't allocate memory for pixBux in Splash::scaleMaskYdXd");
+ gfree(lineBuf);
+ return;
+ }
// init y scale Bresenham
yt = 0;
_______________________________________________
poppler mailing list
poppler@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/poppler
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic