poppler/poppler-config.h.cmake | 7 +++++-- splash/SplashXPathScanner.cc | 25 +++++++++++++++++-------- splash/SplashXPathScanner.h | 2 +- 3 files changed, 23 insertions(+), 11 deletions(-)
New commits: commit 2c0cb689910e8579bf428b3999bcac0cb27b0e51 Merge: 0b639cd 1161e72 Author: Albert Astals Cid <[email protected]> Date: Sat Jul 12 17:21:07 2014 +0200 Merge remote-tracking branch 'origin/poppler-0.26' commit 1161e728de9ca7c9a5fb0e24c4a5e4a79c65a849 Author: Thomas Freitag <[email protected]> Date: Sat Jul 12 17:04:42 2014 +0200 Error out instead of exiting if allInter grows too much Bug #78714 diff --git a/splash/SplashXPathScanner.cc b/splash/SplashXPathScanner.cc index 52ac1c2..5ca1811 100644 --- a/splash/SplashXPathScanner.cc +++ b/splash/SplashXPathScanner.cc @@ -272,8 +272,9 @@ void SplashXPathScanner::computeIntersections() { if (seg->flags & splashXPathHoriz) { y = splashFloor(seg->y0); if (y >= yMin && y <= yMax) { - addIntersection(segYMin, segYMax, seg->flags, - y, splashFloor(seg->x0), splashFloor(seg->x1)); + if (!addIntersection(segYMin, segYMax, seg->flags, + y, splashFloor(seg->x0), splashFloor(seg->x1))) + break; } } else if (seg->flags & splashXPathVert) { y0 = splashFloor(segYMin); @@ -286,7 +287,8 @@ void SplashXPathScanner::computeIntersections() { } x = splashFloor(seg->x0); for (y = y0; y <= y1; ++y) { - addIntersection(segYMin, segYMax, seg->flags, y, x, x); + if (!addIntersection(segYMin, segYMax, seg->flags, y, x, x)) + break; } } else { if (seg->x0 < seg->x1) { @@ -321,8 +323,9 @@ void SplashXPathScanner::computeIntersections() { } else if (xx1 > segXMax) { xx1 = segXMax; } - addIntersection(segYMin, segYMax, seg->flags, y, - splashFloor(xx0), splashFloor(xx1)); + if (!addIntersection(segYMin, segYMax, seg->flags, y, + splashFloor(xx0), splashFloor(xx1))) + break; } } } @@ -340,12 +343,17 @@ void SplashXPathScanner::computeIntersections() { inter[yMax - yMin + 1] = i; } -void SplashXPathScanner::addIntersection(double segYMin, double segYMax, +GBool SplashXPathScanner::addIntersection(double segYMin, double segYMax, Guint segFlags, int y, int x0, int x1) { if (allInterLen == allInterSize) { - allInterSize *= 2; - allInter = (SplashIntersect *)greallocn(allInter, allInterSize, + unsigned int newInterSize = ((unsigned int) allInterSize * 2 > INT_MAX / sizeof(SplashIntersect)) ? allInterSize + 32768 : allInterSize * 2; + if (newInterSize >= INT_MAX / sizeof(SplashIntersect)) { + error(errInternal, -1, "Bogus memory allocation size in SplashXPathScanner::addIntersection {0:d}", newInterSize); + return gFalse; + } + allInterSize = newInterSize; + allInter = (SplashIntersect *)greallocn(allInter, newInterSize, sizeof(SplashIntersect)); } allInter[allInterLen].y = y; @@ -365,6 +373,7 @@ void SplashXPathScanner::addIntersection(double segYMin, double segYMax, allInter[allInterLen].count = 0; } ++allInterLen; + return gTrue; } void SplashXPathScanner::renderAALine(SplashBitmap *aaBuf, diff --git a/splash/SplashXPathScanner.h b/splash/SplashXPathScanner.h index b59e306..53bd22d 100644 --- a/splash/SplashXPathScanner.h +++ b/splash/SplashXPathScanner.h @@ -85,7 +85,7 @@ public: private: void computeIntersections(); - void addIntersection(double segYMin, double segYMax, + GBool addIntersection(double segYMin, double segYMax, Guint segFlags, int y, int x0, int x1); commit e82a24a585d251f767725f61700dc1f8fe169a52 Author: Pino Toscano <[email protected]> Date: Sat Jul 12 08:35:45 2014 +0200 cmake: sync poppler-config.h.cmake with poppler-config.h.in diff --git a/poppler/poppler-config.h.cmake b/poppler/poppler-config.h.cmake index b04f2bf..d7918bc 100644 --- a/poppler/poppler-config.h.cmake +++ b/poppler/poppler-config.h.cmake @@ -14,6 +14,7 @@ // under GPL version 2 or later // // Copyright (C) 2014 Bogdan Cristea <[email protected]> +// Copyright (C) 2014 Hib Eris <[email protected]> // // To see a description of the changes please see the Changelog file that // came with your tarball or type make ChangeLog if you are building from git @@ -23,12 +24,14 @@ #ifndef POPPLER_CONFIG_H #define POPPLER_CONFIG_H +#include <stdio.h> + // We duplicate some of the config.h #define's here since they are // used in some of the header files we install. The #ifndef/#endif // around #undef look odd, but it's to silence warnings about // redefining those symbols. -/* Defines the poppler version */ +/* Defines the poppler version. */ #ifndef POPPLER_VERSION #define POPPLER_VERSION "${POPPLER_VERSION}" #endif @@ -174,7 +177,7 @@ char * strtok_r (char *s, const char *delim, char **save_ptr); #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ > 4) #ifdef __MINGW_PRINTF_FORMAT #define GCC_PRINTF_FORMAT(fmt_index, va_index) \ - __attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index))) + __attribute__((__format__(__MINGW_PRINTF_FORMAT, fmt_index, va_index))) #else #define GCC_PRINTF_FORMAT(fmt_index, va_index) \ __attribute__((__format__(__printf__, fmt_index, va_index))) _______________________________________________ poppler mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/poppler
