author | Albert Astals Cid <aacid@kde.org> | 2014-03-26 15:00:09 +0100 |
---|---|---|
committer | Albert Astals Cid <aacid@kde.org> | 2014-03-26 18:43:40 +0100 |
commit | 225232f6f070d17d8570108ffe39ffd4350fc6e8 (patch) | |
tree | 62aa8854e2359186b6649b1f3ba75874e29f7f7c | |
parent | 216890f1f147b25643e0d6e18e361d4d34b6c332 (diff) |
Fix error reported by ASAN in 6609.asan.0.8343.pdf
==8470== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x7f3b12f7b5e1 at pc 0x7f3b0f915f5e bp 0x7fff47842de0 sp 0x7fff47842dd8
READ of size 1 at 0x7f3b12f7b5e1 thread T0
#0 0x7f3b0f915f5d in JBIG2Stream::readGenericBitmap(bool, int, int, int, bool, bool, JBIG2Bitmap*, int*, int*, int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:3628
#1 0x7f3b0f910558 in JBIG2Stream::readGenericRegionSeg(unsigned int, bool, bool, unsigned int) /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:2849
#2 0x7f3b0f906b33 in JBIG2Stream::readSegments() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1443
#3 0x7f3b0f90572e in JBIG2Stream::reset() /home/tsdgeos/devel/poppler/poppler/JBIG2Stream.cc:1248
#4 0x7f3b0f951459 in ImageStream::reset() /home/tsdgeos/devel/poppler/poppler/Stream.cc:484
#5 0x7f3b0fa21546 in SplashOutputDev::drawImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, int*, bool) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:3158
#6 0x7f3b0f87cd64 in Gfx::doImage(Object*, Stream*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4653
#7 0x7f3b0f879de0 in Gfx::opXObject(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4179
#8 0x7f3b0f85433a in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
#9 0x7f3b0f85350f in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
#10 0x7f3b0f853163 in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
#11 0x7f3b0f935df5 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
#12 0x7f3b0f93d321 in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
#13 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
#14 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
#15 0x7f3b0ef5dec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#16 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)
-rw-r--r-- | poppler/JBIG2Stream.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc
index e2f8ec07..87411ca1 100644
--- a/poppler/JBIG2Stream.cc
+++ b/poppler/JBIG2Stream.cc
@@ -3608,8 +3608,9 @@ JBIG2Bitmap *JBIG2Stream::readGenericBitmap(GBool mmr, int w, int h,
 if (atx[0] >= -8 && atx[0] <= 8) {
 // set up the adaptive context
- if (y + aty[0] >= 0) {
- atP0 = bitmap->getDataPtr() + (y + aty[0]) * bitmap->getLineSize();
+ const int atY = y + aty[0];
+ if ((atY >= 0) && (atY < bitmap->getHeight())) {
+ atP0 = bitmap->getDataPtr() + atY * bitmap->getLineSize();
 atBuf0 = *atP0++ << 8;
 } else {
 atP0 = NULL; |
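Review bot: The upper-bound check on `atY` is applied to this one adaptive-context setup only, and readGenericBitmap continues well outside the hunk. If the other template branches still guard their row pointer with just `if (y + aty[0] >= 0)`, a positive `aty` value would presumably give the same heap over-read there, so each such setup should get the same `(atY >= 0) && (atY < bitmap->getHeight())` test, ideally through one small shared helper. A short comment above the new check would record why it exists, for example `// aty[] is taken from the segment data; a row outside [0, height) is read as all-zero pixels`. The check only selects the row, so it is worth confirming that the later `atP0` advances along the row cannot run past the line size. The file named in the commit title, 6609.asan.0.8343.pdf, would make a good regression input under ASAN.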