poppler/GfxState.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)
New commits: commit a76c8fbd50a3a5cbe0487158e9d2b325e596d2c6 Author: Albert Astals Cid <aa...@kde.org> Date: Tue May 29 01:01:26 2018 +0200 GfxSeparationColorSpace::getRGB: ensure color2 doesn't have uninit values if alt->getNComps() is bigger than func->getOutputSize() (which is most likely a faulty file) we init those indexes of color2 with 0 fixes oss-fuzz/8586 diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc index 0ef42a43..ef5d287e 100644 --- a/poppler/GfxState.cc +++ b/poppler/GfxState.cc @@ -2816,9 +2816,15 @@ void GfxSeparationColorSpace::getRGB(GfxColor *color, GfxRGB *rgb) { } else { x = colToDbl(color->c[0]); func->transform(&x, c); - for (i = 0; i < alt->getNComps(); ++i) { + const int altNComps = alt->getNComps(); + for (i = 0; i < altNComps; ++i) { color2.c[i] = dblToCol(c[i]); } + if (unlikely(altNComps > func->getOutputSize())) { + for (i = func->getOutputSize(); i < altNComps; ++i) { + color2.c[i] = 0; + } + } alt->getRGB(&color2, rgb); } } _______________________________________________ poppler mailing list poppler@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/poppler
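Review bot: The conversion loop `for (i = 0; i < altNComps; ++i)` still evaluates `dblToCol(c[i])` for indexes at or above `func->getOutputSize()` before the new block overwrites them with 0. In the faulty-file case this commit targets, entries of `c` that `func->transform` presumably never wrote are therefore still read and converted. Bounding the conversion instead, e.g. `const int nOut = func->getOutputSize();` and `for (i = 0; i < altNComps && i < nOut; ++i)`, with the zero-fill loop starting at `nOut`, avoids that read and the repeated `getOutputSize()` calls. The function starts above the hunk, so the declarations of `c` and `color2` are not visible and it cannot be confirmed from here that `altNComps` is bounded by their array size. A short comment on the zero-fill, such as `// malformed file: function yields fewer outputs than the alternate space has components`, would record why the branch exists.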