diff options
| author | Albert Astals Cid <aacid@kde.org> | 2014-03-28 00:35:17 +0100 |
|---|---|---|
| committer | Albert Astals Cid <aacid@kde.org> | 2014-03-28 00:35:34 +0100 |
| commit | 89a64b508e5f8445798c95fcec6c87180f6c9b73 (patch) | |
| tree | 0d3f8b052513951f3bdef2947de8a19a25d962c7 | |
| parent | 5055479634dc8d0cd5afb3373de600fb121357fe (diff) | |
Fix error reported by ASAN in 2279.asan.0.1904.pdf
==20507== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60420000ff04 at pc 0x7fa1492e8012 bp 0x7fff8406d900 sp 0x7fff8406d8f8
READ of size 4 at 0x60420000ff04 thread T0
#0 0x7fa1492e8011 in SplashFTFont::makeGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) /home/tsdgeos/devel/poppler/splash/SplashFTFont.cc:284
#1 0x7fa1492eda32 in SplashFont::getGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) /home/tsdgeos/devel/poppler/splash/SplashFont.cc:168
#2 0x7fa1492e7c69 in SplashFTFont::getGlyph(int, int, int, SplashGlyphBitmap*, int, int, SplashClip*, SplashClipResult*) /home/tsdgeos/devel/poppler/splash/SplashFTFont.cc:233
#3 0x7fa1492b3368 in Splash::fillChar(double, double, int, SplashFont*) /home/tsdgeos/devel/poppler/splash/Splash.cc:2714
#4 0x7fa149286a20 in SplashOutputDev::drawChar(GfxState*, double, double, double, double, double, double, unsigned int, int, unsigned int*, int) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:2270
#5 0x7fa1490e7599 in Gfx::doShowText(GooString*) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4054
#6 0x7fa1490e4db0 in Gfx::opShowSpaceText(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:3886
#7 0x7fa1490c333a in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903
#8 0x7fa1490c250f in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762
#9 0x7fa1490c2163 in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728
#10 0x7fa1491a4dd1 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585
#11 0x7fa1491ac2fd in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
#12 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
#13 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
#14 0x7fa1487ccec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#15 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)
| -rw-r--r-- | splash/SplashFTFont.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/splash/SplashFTFont.cc b/splash/SplashFTFont.cc index 2a236252..aca88671 100644 --- a/splash/SplashFTFont.cc +++ b/splash/SplashFTFont.cc @@ -11,7 +11,7 @@ // All changes made under the Poppler project to this file are licensed // under GPL version 2 or later // -// Copyright (C) 2005, 2007-2011 Albert Astals Cid <aacid@kde.org> +// Copyright (C) 2005, 2007-2011, 2014 Albert Astals Cid <aacid@kde.org> // Copyright (C) 2006 Kristian Høgsberg <krh@bitplanet.net> // Copyright (C) 2009 Petr Gajdos <pgajdos@novell.com> // Copyright (C) 2010 Suzuki Toshiya <mpsuzuki@hiroshima-u.ac.jp> @@ -280,7 +280,7 @@ GBool SplashFTFont::makeGlyph(int c, int xFrac, int yFrac, FT_Set_Transform(ff->face, &matrix, &offset); slot = ff->face->glyph; - if (ff->codeToGID && c < ff->codeToGIDLen) { + if (ff->codeToGID && c < ff->codeToGIDLen && c >= 0) { gid = (FT_UInt)ff->codeToGID[c]; } else { gid = (FT_UInt)c; |