Also protect against malformed GfxPatchMeshShading

oss-fuzz/11197
author: Albert Astals Cid <aacid@kde.org> 2021-01-08 16:27:50 +0100
committer: Albert Astals Cid <aacid@kde.org> 2021-01-08 16:27:50 +0100
commit: a8fdb464e8c1ccc920c064324d7289fa05c1cf1d (patch)
tree: 2c105f403395d3cf6152fc4a50eb4106d340918b
parent: f1b21278330a1a1f275f224a2ffd56dff45c5b4c (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index 34c9e6da..e42585ed 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4900,6 +4900,15 @@ GfxPatchMeshShading *GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
         }
     }
 
+    for (unsigned int k = 0; k < funcsA.size(); ++k) {
+        if (funcsA[k]->getInputSize() > 1) {
+            return nullptr;
+        }
+        if (funcsA[k]->getOutputSize() > static_cast<int>(gfxColorMaxComps - k)) {
+            return nullptr;
+        }
+    }
+
     nPatchesA = 0;
     patchesA = nullptr;
     patchesSize = 0;
author	Albert Astals Cid <aacid@kde.org>	2021-01-08 16:27:50 +0100
committer	Albert Astals Cid <aacid@kde.org>	2021-01-08 16:27:50 +0100
commit	a8fdb464e8c1ccc920c064324d7289fa05c1cf1d (patch)
tree	2c105f403395d3cf6152fc4a50eb4106d340918b
parent	f1b21278330a1a1f275f224a2ffd56dff45c5b4c (diff)