author | Albert Astals Cid <aacid@kde.org> | 2014-03-27 23:54:20 +0100 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2014-03-27 23:56:03 +0100 |
commit | 5055479634dc8d0cd5afb3373de600fb121357fe (patch) | |
tree | 8157964cb65b9655cbc67fbcb0cef090584fca78 | |
parent | 3e7779935ec2610410bc4a42e9b0174e41ca9672 (diff) |
Fix error reported by ASAN in 2010.asan.0.1506.pdf
==18859== ERROR: AddressSanitizer: unknown-crash on address 0x7f1e4a6beb50 at pc 0x7f1e5557444d bp 0x7fff6af3c340 sp 0x7fff6af3bb00
WRITE of size 442216446 at 0x7f1e4a6beb50 thread T0
#0 0x7f1e5557444c (/usr/lib/x86_64-linux-gnu/libasan.so.0+0xe44c)
#1 0x7f1e550e04ff in SplashFont::getGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) /home/tsdgeos/devel/poppler/splash/SplashFont.cc:206
#2 0x7f1e550d9c69 in SplashFTFont::getGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) /home/tsdgeos/devel/poppler/splash/SplashFTFont.cc:233
#3 0x7f1e550a5368 in Splash::fillChar(double, double, int, SplashFont*) /home/tsdgeos/devel/poppler/splash/Splash.cc:2714
#4 0x7f1e55078a20 in SplashOutputDev::drawChar(GfxState*, double, double, double, double, double, double, unsigned int, int, unsigned int*, int) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:2270
#5 0x7f1e54ed9599 in Gfx::doShowText(GooString*) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4054
#6 0x7f1e54ed6db0 in Gfx::opShowSpaceText(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:3886
#7 0x7f1e54eb533a in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
#8 0x7f1e54eb450f in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
#9 0x7f1e54eb4163 in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
#10 0x7f1e54f96dd1 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
#11 0x7f1e54f9e2fd in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
#12 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
#13 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
#14 0x7f1e545beec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#15 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)
-rw-r--r-- | splash/SplashFont.cc | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/splash/SplashFont.cc b/splash/SplashFont.cc
index 2bfcdc87..3d6d6b23 100644
--- a/splash/SplashFont.cc
+++ b/splash/SplashFont.cc
@@ -11,7 +11,7 @@
 // All changes made under the Poppler project to this file are licensed
 // under GPL version 2 or later
 //
-// Copyright (C) 2007-2008, 2010 Albert Astals Cid <aacid@kde.org>
+// Copyright (C) 2007-2008, 2010, 2014 Albert Astals Cid <aacid@kde.org>
 //
 // To see a description of the changes please see the Changelog file that
 // came with your tarball or type make ChangeLog if you are building from git
@@ -24,6 +24,7 @@
 #pragma implementation
 #endif
 
+#include <limits.h>
 #include <string.h>
 #include "goo/gmem.h"
 #include "SplashMath.h"
@@ -71,10 +72,14 @@ void SplashFont::initCache() {
 // deal with rounding errors
 glyphW = xMax - xMin + 3;
 glyphH = yMax - yMin + 3;
- if (aa) {
- glyphSize = glyphW * glyphH;
+ if (glyphW > INT_MAX / glyphH) {
+ glyphSize = -1;
 } else {
- glyphSize = ((glyphW + 7) >> 3) * glyphH;
+ if (aa) {
+ glyphSize = glyphW * glyphH;
+ } else {
+ glyphSize = ((glyphW + 7) >> 3) * glyphH;
+ }
 }
 
 // set up the glyph pixmap cache |
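Review bot: The new guard in initCache() divides by glyphH before anything in the hunk shows it to be positive: if yMax - yMin + 3 is zero the overflow check itself divides by zero, and a non-positive glyphW passes the comparison and still produces a zero or negative glyphSize. These dimensions presumably derive from font data in the PDF being rendered, so I would reject non-positive values in the same condition, `if (glyphW <= 0 || glyphH <= 0 || glyphW > INT_MAX / glyphH) {`. The `glyphSize = -1` sentinel also needs a comment, for example `// glyphW * glyphH does not fit in an int: mark the size invalid`, and its consumers need checking: the ASAN trace in the commit message places the oversized write in SplashFont::getGlyph, which this commit does not touch. initCache() begins before and continues past the hunk, so how the cache allocation that follows treats a negative glyphSize cannot be confirmed from here.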