diff options
| author | Albert Astals Cid <aacid@kde.org> | 2014-03-28 11:18:02 +0100 |
|---|---|---|
| committer | Albert Astals Cid <aacid@kde.org> | 2014-03-28 11:18:29 +0100 |
| commit | 38ec8cbeeaf69d96b9d7bcd662187c8916cf7903 (patch) | |
| tree | dcae1dd03995ea08234baf3018e480c74e679338 | |
| parent | 49b4eb68ee646aefe49b70f9e2831ebf93576053 (diff) | |
Fix error reported by ASAN in 5782.asan.0.7113.pdf
==32161== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6008000e3bcf at pc 0x7f66bae0e117 bp 0x7fffcb54ea70 sp 0x7fffcb54ea68
READ of size 1 at 0x6008000e3bcf thread T0
#0 0x7f66bae0e116 in GooString::getChar(int) /home/tsdgeos/devel/poppler/goo/GooString.h:119
#1 0x7f66bafb5dca in LinkURI::LinkURI(Object*, GooString*) /home/tsdgeos/devel/poppler/poppler/Link.cc:562
#2 0x7f66bafb2a05 in LinkAction::parseAction(Object*, GooString*) /home/tsdgeos/devel/poppler/poppler/Link.cc:98
#3 0x7f66bae69c0e in AnnotLink::initialize(PDFDoc*, Dict*) /home/tsdgeos/devel/poppler/poppler/Annot.cc:2621
#4 0x7f66bae698d9 in AnnotLink::AnnotLink(PDFDoc*, Dict*, Object*) /home/tsdgeos/devel/poppler/poppler/Annot.cc:2596
#5 0x7f66bae8d998 in Annots::createAnnot(Dict*, Object*) /home/tsdgeos/devel/poppler/poppler/Annot.cc:6737
#6 0x7f66bae8d269 in Annots::Annots(PDFDoc*, int, Object*) /home/tsdgeos/devel/poppler/poppler/Annot.cc:6683
#7 0x7f66bafc750d in Page::getAnnots(XRef*) /home/tsdgeos/devel/poppler/poppler/Page.cc:402
#8 0x7f66bafc8e66 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:595
#9 0x7f66bafd02fd in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503
#10 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222
#11 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521
#12 0x7f66ba5f0ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
#13 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)
| -rw-r--r-- | poppler/Link.cc | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/poppler/Link.cc b/poppler/Link.cc index 20184d13..4ab5f52c 100644 --- a/poppler/Link.cc +++ b/poppler/Link.cc @@ -16,7 +16,7 @@ // Copyright (C) 2006, 2008 Pino Toscano <pino@kde.org> // Copyright (C) 2007, 2010, 2011 Carlos Garcia Campos <carlosgc@gnome.org> // Copyright (C) 2008 Hugo Mercier <hmercier31@gmail.com> -// Copyright (C) 2008-2010, 2012, 2013 Albert Astals Cid <aacid@kde.org> +// Copyright (C) 2008-2010, 2012-2014 Albert Astals Cid <aacid@kde.org> // Copyright (C) 2009 Kovid Goyal <kovid@kovidgoyal.net> // Copyright (C) 2009 Ilya Gorenbein <igorenbein@finjan.com> // Copyright (C) 2012 Tobias Koening <tobias.koenig@kdab.com> @@ -559,9 +559,11 @@ LinkURI::LinkURI(Object *uriObj, GooString *baseURI) { // relative URI if (baseURI) { uri = baseURI->copy(); - c = uri->getChar(uri->getLength() - 1); - if (c != '/' && c != '?') { - uri->append('/'); + if (uri->getLength() > 0) { + c = uri->getChar(uri->getLength() - 1); + if (c != '/' && c != '?') { + uri->append('/'); + } } if (uri2->getChar(0) == '/') { uri->append(uri2->getCString() + 1, uri2->getLength() - 1); |