File CVE-2017-9775.patch of Package poppler.27867

Overview Repositories Revisions Requests Users Attributes Meta

File CVE-2017-9775.patch of Package poppler.27867

From 8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Wed, 21 Jun 2017 00:56:38 +0200
Subject: Fix crash in malformed documents

Index: poppler-0.24.4/poppler/GfxState.cc
===================================================================
--- poppler-0.24.4.orig/poppler/GfxState.cc	2017-07-19 12:19:27.140459672 +0000
+++ poppler-0.24.4/poppler/GfxState.cc	2017-07-19 12:19:34.252543697 +0000
@@ -3381,11 +3381,17 @@ GfxUnivariateShading::~GfxUnivariateShad
 
 void GfxUnivariateShading::getColor(double t, GfxColor *color) {
   double out[gfxColorMaxComps];
-  int i, nComps;
+  int i;
 
   // NB: there can be one function with n outputs or n functions with
   // one output each (where n = number of color components)
-  nComps = nFuncs * funcs[0]->getOutputSize();
+  const int nComps = nFuncs * funcs[0]->getOutputSize();
+
+  if (unlikely(nFuncs < 1 || nComps > gfxColorMaxComps)) {
+    for (int i = 0; i < gfxColorMaxComps; i++)
+        color->c[i] = 0;
+    return;
+  }
 
   if (cacheSize > 0) {
     double x, ix, *l, *u, *upper;

Places

File CVE-2017-9775.patch of Package poppler.27867

Places