Package: libpoppler46
Version: 0.26.5-2
Tags: patch

If you run pdftoppm on the attached PDF file under Valgrind, it reports use of an uninitialised value:

==9653== Command: pdftoppm -r 50 oed1.pdf x
==9653== Parent PID: 1383
==9653==
==9653== Conditional jump or move depends on uninitialised value(s)
==9653==    at 0x49B5F04: Splash::pipeRun(SplashPipe*) (Splash.cc:450)
==9653==    by 0x49C49F8: Splash::blitImage(SplashBitmap*, bool, int, int, 
SplashClipResult) (Splash.cc:5089)
==9653==    by 0x49C511B: Splash::drawImage(bool (*)(void*, unsigned char*, 
unsigned char*), void*, SplashColorMode, bool, int, int, double*, bool, bool) 
(Splash.cc:3732)
==9653==    by 0x48C806C: SplashOutputDev::drawSoftMaskedImage(GfxState*, 
Object*, Stream*, int, int, GfxImageColorMap*, bool, Stream*, int, int, 
GfxImageColorMap*, bool) (SplashOutputDev.cc:3716)
==9653==    by 0x491394F: Gfx::doImage(Object*, Stream*, bool) (Gfx.cc:4646)
==9653==    by 0x491496B: Gfx::opXObject(Object*, int) (Gfx.cc:4179)
==9653==    by 0x49059BF: Gfx::execOp(Object*, Object*, int) (Gfx.cc:903)
==9653==    by 0x490E974: Gfx::go(bool) (Gfx.cc:762)
==9653==    by 0x490EEBF: Gfx::display(Object*, bool) (Gfx.cc:728)
==9653==    by 0x4957733: Page::displaySlice(OutputDev*, double, double, int, 
bool, bool, int, int, int, int, bool, bool (*)(void*), void*, bool (*)(Annot*, 
void*), void*, bool) (Page.cc:585)
==9653==    by 0x495F557: PDFDoc::displayPageSlice(OutputDev*, int, double, 
double, int, bool, bool, bool, int, int, int, int, bool (*)(void*), void*, bool 
(*)(Annot*, void*), void*, bool) (PDFDoc.cc:503)
==9653==    by 0x109A7E: savePageSlice (pdftoppm.cc:222)
==9653==    by 0x109A7E: main (pdftoppm.cc:521)
==9653==  Uninitialised value was created by a stack allocation
==9653==    at 0x49C413F: Splash::blitImage(SplashBitmap*, bool, int, int, 
SplashClipResult) (Splash.cc:5030)


The attached patch seems to fix it.

-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libpoppler46 depends on:
ii  libc6              2.19-14
ii  libfontconfig1     2.11.0-6.3
ii  libfreetype6       2.5.2-2
ii  libgcc1            1:4.9.2-10
ii  libjpeg62-turbo    1:1.3.1-11
ii  liblcms2-2         2.6-3+b3
ii  libopenjpeg5       1:1.5.2-3
ii  libpng12-0         1.2.50-2+b2
ii  libstdc++6         4.9.2-10
ii  libtiff5           4.0.3-12
ii  multiarch-support  2.19-14

--
Jakub Wilk

Attachment: oed1.pdf.gz
Description: application/gzip

--- poppler-0.26.5.orig/splash/Splash.cc
+++ poppler-0.26.5/splash/Splash.cc
@@ -5082,6 +5082,7 @@ void Splash::blitImage(SplashBitmap *src
 	}
       }
     } else {
+      pipe.shape = 0;
       for (y = y0; y < y1; ++y) {
 	pipeSetXY(&pipe, xDest + x0, yDest + y);
 	for (x = x0; x < x1; ++x) {
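Review bot: The added `pipe.shape = 0;` at the top of the `else` branch has no comment explaining why 0 is the right value for this path, and it covers only this one loop. The Valgrind trace attributes the uninitialised value to a stack allocation in Splash::blitImage that Splash::pipeRun later branches on, so any other path that runs the pipe without first assigning the field would still read an undefined value. Consider initialising the field where the pipe is set up so that every caller gets a defined value, or add a one-line comment here stating what a shape of 0 means for the pixels drawn by this loop, and confirm that the rendered output for oed1.pdf is unchanged by the patch.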
