splash/Splash.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
New commits: commit a0289d279d5de130065bc7f35eb264d9ba42b682 Author: Albert Astals Cid <[email protected]> Date: Sat Dec 21 09:56:38 2019 +0100 Splash::scaleImageYdXu: Protect against crash if srcWidth is too big oss-fuzz/19630 diff --git a/splash/Splash.cc b/splash/Splash.cc index 5491fcc0..3d80b5c4 100644 --- a/splash/Splash.cc +++ b/splash/Splash.cc @@ -4356,8 +4356,12 @@ void Splash::scaleImageYdXu(SplashImageSource src, void *srcData, xq = scaledWidth % srcWidth; // allocate buffers + pixBuf = (unsigned int *)gmallocn_checkoverflow(srcWidth, nComps * sizeof(int)); + if (unlikely(!pixBuf)) { + error(errInternal, -1, "Splash::scaleImageYdXu. Couldn't allocate pixBuf memory"); + return; + } lineBuf = (unsigned char *)gmallocn(srcWidth, nComps); - pixBuf = (unsigned int *)gmallocn(srcWidth, nComps * sizeof(int)); if (srcAlpha) { alphaLineBuf = (unsigned char *)gmalloc(srcWidth); alphaPixBuf = (unsigned int *)gmallocn(srcWidth, sizeof(int)); _______________________________________________ poppler mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/poppler
