Blame SOURCES/poppler-0.26.2-invalid-matrix.patch
|
 |
76f8c5 |
From acc33a6950031ac4a5c759d043d24df0cfa7e8b6 Mon Sep 17 00:00:00 2001
|
|
|
76f8c5 |
From: Jason Crain <jason@aquaticape.us>
|
|
|
76f8c5 |
Date: Sat, 20 Dec 2014 02:24:49 -0600
|
|
|
76f8c5 |
Subject: [PATCH] Check for invalid matrix in annotation
|
|
|
76f8c5 |
|
|
|
76f8c5 |
Bug #84990
|
|
|
76f8c5 |
---
|
|
|
76f8c5 |
poppler/Gfx.cc | 12 ++++++++++--
|
|
|
76f8c5 |
1 file changed, 10 insertions(+), 2 deletions(-)
|
|
|
76f8c5 |
|
|
|
76f8c5 |
diff --git a/poppler/Gfx.cc b/poppler/Gfx.cc
|
|
|
76f8c5 |
index 64a9d7b..77693f9 100644
|
|
|
76f8c5 |
--- a/poppler/Gfx.cc
|
|
|
76f8c5 |
+++ b/poppler/Gfx.cc
|
|
|
76f8c5 |
@@ -37,6 +37,7 @@
|
|
|
76f8c5 |
// Copyright (C) 2012 Even Rouault <even.rouault@mines-paris.org>
|
|
|
76f8c5 |
// Copyright (C) 2012, 2013 Fabio D'Urso <fabiodurso@hotmail.it>
|
|
|
76f8c5 |
// Copyright (C) 2012 Lu Wang <coolwanglu@gmail.com>
|
|
|
76f8c5 |
+// Copyright (C) 2014 Jason Crain <jason@aquaticape.us>
|
|
|
76f8c5 |
//
|
|
|
76f8c5 |
// To see a description of the changes please see the Changelog file that
|
|
|
76f8c5 |
// came with your tarball or type make ChangeLog if you are building from git
|
|
|
76f8c5 |
@@ -5285,8 +5286,15 @@ void Gfx::drawAnnot(Object *str, AnnotBorder *border, AnnotColor *aColor,
|
|
|
76f8c5 |
if (matrixObj.isArray() && matrixObj.arrayGetLength() >= 6) {
|
|
|
76f8c5 |
for (i = 0; i < 6; ++i) {
|
|
|
76f8c5 |
matrixObj.arrayGet(i, &obj1);
|
|
|
76f8c5 |
- m[i] = obj1.getNum();
|
|
|
76f8c5 |
- obj1.free();
|
|
|
76f8c5 |
+ if (likely(obj1.isNum())) {
|
|
|
76f8c5 |
+ m[i] = obj1.getNum();
|
|
|
76f8c5 |
+ obj1.free();
|
|
|
76f8c5 |
+ } else {
|
|
|
76f8c5 |
+ obj1.free();
|
|
|
76f8c5 |
+ matrixObj.free();
|
|
|
76f8c5 |
+ error(errSyntaxError, getPos(), "Bad form matrix");
|
|
|
76f8c5 |
+ return;
|
|
|
76f8c5 |
+ }
|
|
|
76f8c5 |
}
|
|
|
76f8c5 |
} else {
|
|
|
76f8c5 |
m[0] = 1; m[1] = 0;
|
|
|
76f8c5 |
--
|
|
|
76f8c5 |
2.1.0
|
|
|
76f8c5 |
|