poppler/GfxState.cc | 4 ++++ 1 file changed, 4 insertions(+) New commits: commit fef32ba463a225618a967c541d939fd69e02f2dd Author: Albert Astals Cid <aa...@kde.org> Date: Fri May 25 17:42:22 2018 +0200
GfxPatchMeshShading::parse: Add bounds check for compBits The spec is much more strict on what is valid, but i'm only doing a check so that the code doesn't break fixes oss-fuzz/8445 diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc index 07da59a7..71ab480b 100644 --- a/poppler/GfxState.cc +++ b/poppler/GfxState.cc @@ -5145,6 +5145,10 @@ GfxPatchMeshShading *GfxPatchMeshShading::parse(GfxResources *res, int typeA, Di error(errSyntaxWarning, -1, "Missing or invalid BitsPerComponent in shading dictionary"); return nullptr; } + if (unlikely(compBits <= 0 || compBits > 31)) { + error(errSyntaxWarning, -1, "Invalid BitsPerComponent in shading dictionary"); + return nullptr; + } obj1 = dict->lookup("BitsPerFlag"); if (obj1.isInt()) { flagBits = obj1.getInt(); _______________________________________________ poppler mailing list poppler@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/poppler