summaryrefslogtreecommitdiff
path: root/splash
diff options
context:
space:
mode:
authorAlbert Astals Cid <aacid@kde.org>2014-03-28 15:53:22 +0100
committerAlbert Astals Cid <aacid@kde.org>2014-03-28 15:53:35 +0100
commit82d69da7c2f67e774c51fb7b146fdf639a6b9616 (patch)
treee741bcf48986c8f99645268ff0293b849f5f42fc /splash
parent38ec8cbeeaf69d96b9d7bcd662187c8916cf7903 (diff)
Fix error reported by ASAN in 3628.asan.0.3910.pdf
==20743== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x60040005c6ef at pc 0x7f8912ca0c90 bp 0x7fff8509ee20 sp 0x7fff8509ee18 READ of size 1 at 0x60040005c6ef thread T0 #0 0x7f8912ca0c8f in expandRow(unsigned char*, unsigned char*, int, int, int) /home/tsdgeos/devel/poppler/splash/Splash.cc:4855 #1 0x7f8912ca1097 in Splash::scaleImageYuXuBilinear(bool (*)(void*, unsigned char*, unsigned char*), void*, SplashColorMode, int, bool, int, int, int, int, SplashBitmap*) /home/tsdgeos/devel/poppler/splash/Splash.cc:4897 #2 0x7f8912c9d2b7 in Splash::scaleImage(bool (*)(void*, unsigned char*, unsigned char*), void*, SplashColorMode, int, bool, int, int, int, int, bool, bool) /home/tsdgeos/devel/poppler/splash/Splash.cc:4127 #3 0x7f8912c98101 in Splash::drawImage(bool (*)(void*, unsigned char*, unsigned char*), void*, SplashColorMode, bool, int, int, double*, bool, bool) /home/tsdgeos/devel/poppler/splash/Splash.cc:3726 #4 0x7f8912c7056a in SplashOutputDev::drawSoftMaskedImage(GfxState*, Object*, Stream*, int, int, GfxImageColorMap*, bool, Stream*, int, int, GfxImageColorMap*, bool) /home/tsdgeos/devel/poppler/poppler/SplashOutputDev.cc:3630 #5 0x7f8912ac7aa7 in Gfx::doImage(Object*, Stream*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4646 #6 0x7f8912ac4de0 in Gfx::opXObject(Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:4179 #7 0x7f8912a9f33a in Gfx::execOp(Object*, Object*, int) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:903 #8 0x7f8912a9e50f in Gfx::go(bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:762 #9 0x7f8912a9e163 in Gfx::display(Object*, bool) /home/tsdgeos/devel/poppler/poppler/Gfx.cc:728 #10 0x7f8912b80e13 in Page::displaySlice(OutputDev*, double, double, int, bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/Page.cc:585 #11 0x7f8912b8833f in PDFDoc::displayPageSlice(OutputDev*, int, double, double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool (*)(Annot*, void*), void*, bool) /home/tsdgeos/devel/poppler/poppler/PDFDoc.cc:503 #12 0x40311e in savePageSlice(PDFDoc*, SplashOutputDev*, int, int, int, int, int, double, double, char*) /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:222 #13 0x404416 in main /home/tsdgeos/devel/poppler/utils/pdftoppm.cc:521 #14 0x7f89121a8ec4 (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4) #15 0x401d58 in _start (/home/tsdgeos/devel/poppler/build-debug/utils/pdftoppm+0x401d58)
Diffstat (limited to 'splash')
-rw-r--r--splash/Splash.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/splash/Splash.cc b/splash/Splash.cc
index d9983b07..b303cf2c 100644
--- a/splash/Splash.cc
+++ b/splash/Splash.cc
@@ -4875,6 +4875,9 @@ void Splash::scaleImageYuXuBilinear(SplashImageSource src, void *srcData,
Guchar *destPtr0, *destPtr, *destAlphaPtr0, *destAlphaPtr;
int i;
+ if (srcWidth < 1 || srcHeight < 1)
+ return;
+
// allocate buffers
srcBuf = (Guchar *)gmallocn(srcWidth+1, nComps); // + 1 pixel of padding
lineBuf1 = (Guchar *)gmallocn(scaledWidth, nComps);