From a8fdb464e8c1ccc920c064324d7289fa05c1cf1d Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Fri, 8 Jan 2021 16:27:50 +0100
Subject: Also protect against malformed GfxPatchMeshShading

oss-fuzz/11197
---
 poppler/GfxState.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index 34c9e6da..e42585ed 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4900,6 +4900,15 @@ GfxPatchMeshShading *GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di
         }
     }
 
+    for (unsigned int k = 0; k < funcsA.size(); ++k) {
+        if (funcsA[k]->getInputSize() > 1) {
+            return nullptr;
+        }
+        if (funcsA[k]->getOutputSize() > static_cast<int>(gfxColorMaxComps - k)) {
+            return nullptr;
+        }
+    }
+
     nPatchesA = 0;
     patchesA = nullptr;
     patchesSize = 0;
-- 
cgit v1.2.3