poppler/Form.cc | 4 ++++ poppler/JBIG2Stream.cc | 2 ++ poppler/PSOutputDev.cc | 4 ++++ splash/Splash.cc | 4 +--- 4 files changed, 11 insertions(+), 3 deletions(-)
New commits: commit 4552af28684e18c6153ce5598b121a73477af4d6 Author: Albert Astals Cid <[email protected]> Date: Sun Sep 4 15:24:14 2016 +0200 Do not crash on invalid files where nStripes is 0 Bug #85276 diff --git a/poppler/PSOutputDev.cc b/poppler/PSOutputDev.cc index 204f16e..183e929 100644 --- a/poppler/PSOutputDev.cc +++ b/poppler/PSOutputDev.cc @@ -3346,6 +3346,10 @@ GBool PSOutputDev::checkPageSlice(Page *page, double /*hDPI*/, double /*vDPI*/, } nStripes = (int)ceil((double)(sliceW * sliceH) / (double)rasterizationSliceSize); + if (unlikely(nStripes == 0)) { + delete splashOut; + return gFalse; + } stripeH = (sliceH + nStripes - 1) / nStripes; // render the stripes commit 364c15795a0508d421ca636bc7b71f93039a82b1 Author: Albert Astals Cid <[email protected]> Date: Sun Sep 4 15:23:25 2016 +0200 Always delete aaBuf if it is there Doesn't matter if antialias is temporarily disabled diff --git a/splash/Splash.cc b/splash/Splash.cc index 4d33cf7..e179c1c 100644 --- a/splash/Splash.cc +++ b/splash/Splash.cc @@ -1642,9 +1642,7 @@ Splash::~Splash() { restoreState(); } delete state; - if (vectorAntialias) { - delete aaBuf; - } + delete aaBuf; } //------------------------------------------------------------------------ commit 22c4701d5f7be0010ee4519daa546fba5ab7ac13 Author: Albert Astals Cid <[email protected]> Date: Fri Aug 26 15:18:22 2016 +0200 Fix crash in files with broken JBIG2Streams diff --git a/poppler/JBIG2Stream.cc b/poppler/JBIG2Stream.cc index 9f12d5d..a1d2f97 100644 --- a/poppler/JBIG2Stream.cc +++ b/poppler/JBIG2Stream.cc @@ -892,6 +892,8 @@ void JBIG2Bitmap::combine(JBIG2Bitmap *bitmap, int x, int y, oneByte = x0 == ((x1 - 1) & ~7); for (yy = y0; yy < y1; ++yy) { + if (unlikely(y + yy) >= h) + continue; // one byte per line -- need to mask both left and right side if (oneByte) { commit c46b8b99b3a2d51692d889df22136cb737d3a47f Author: Albert Astals Cid <[email protected]> Date: Fri Aug 26 14:53:19 2016 +0200 Fix memory leak when parsing broken Forms diff --git a/poppler/Form.cc b/poppler/Form.cc index d5f4dd1..8e3b265 100644 --- a/poppler/Form.cc +++ b/poppler/Form.cc @@ -518,6 +518,8 @@ FormField::FormField(PDFDoc *docA, Object *aobj, const Ref& aref, FormField *par if (terminal) { error(errSyntaxWarning, -1, "Field can't have both Widget AND Field as kids\n"); + childObj.free(); + childRef.free(); continue; } @@ -530,6 +532,8 @@ FormField::FormField(PDFDoc *docA, Object *aobj, const Ref& aref, FormField *par error(errSyntaxWarning, -1, "Field can't have both Widget AND Field as kids\n"); obj2.free(); obj3.free(); + childObj.free(); + childRef.free(); continue; } _createWidget(&childObj, ref); _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
