|
 |
76f8c5 |
From 8122f6d6d409b53151a20c5578fc525ee97315e8 Mon Sep 17 00:00:00 2001
|
|
|
76f8c5 |
From: Marek Kasik <mkasik@redhat.com>
|
|
|
76f8c5 |
Date: Thu, 21 Mar 2019 13:47:51 +0100
|
|
|
76f8c5 |
Subject: [PATCH 2/2] cairo: Constrain number of cycles in rescale filter
|
|
|
76f8c5 |
|
|
|
76f8c5 |
Pass address of the first byte after end of the source buffer
|
|
|
76f8c5 |
to downsample_row_box_filter() so that we can check
|
|
|
76f8c5 |
that we don't run out of it.
|
|
|
76f8c5 |
|
|
|
76f8c5 |
Fixes issue #736
|
|
|
76f8c5 |
---
|
|
|
76f8c5 |
poppler/CairoRescaleBox.cc | 18 +++++++++---------
|
|
|
76f8c5 |
1 file changed, 9 insertions(+), 9 deletions(-)
|
|
|
76f8c5 |
|
|
|
76f8c5 |
diff --git a/poppler/CairoRescaleBox.cc b/poppler/CairoRescaleBox.cc
|
|
|
76f8c5 |
index d7615010..7fd07041 100644
|
|
|
76f8c5 |
--- a/poppler/CairoRescaleBox.cc
|
|
|
76f8c5 |
+++ b/poppler/CairoRescaleBox.cc
|
|
|
76f8c5 |
@@ -62,7 +62,7 @@
|
|
|
76f8c5 |
|
|
|
76f8c5 |
static void downsample_row_box_filter (
|
|
|
76f8c5 |
int start, int width,
|
|
|
76f8c5 |
- uint32_t *src, uint32_t *dest,
|
|
|
76f8c5 |
+ uint32_t *src, uint32_t *src_limit, uint32_t *dest,
|
|
|
76f8c5 |
int coverage[], int pixel_coverage)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
/* we need an array of the pixel contribution of each destination pixel on the boundaries.
|
|
|
76f8c5 |
@@ -90,13 +90,13 @@ static void downsample_row_box_filter (
|
|
|
76f8c5 |
/* skip to start */
|
|
|
76f8c5 |
/* XXX: it might be possible to do this directly instead of iteratively, however
|
|
|
76f8c5 |
* the iterative solution is simple */
|
|
|
76f8c5 |
- while (x < start)
|
|
|
76f8c5 |
+ while (x < start && src < src_limit)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
int box = 1 << FIXED_SHIFT;
|
|
|
76f8c5 |
int start_coverage = coverage[x];
|
|
|
76f8c5 |
box -= start_coverage;
|
|
|
76f8c5 |
src++;
|
|
|
76f8c5 |
- while (box >= pixel_coverage)
|
|
|
76f8c5 |
+ while (box >= pixel_coverage && src < src_limit)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
src++;
|
|
|
76f8c5 |
box -= pixel_coverage;
|
|
|
76f8c5 |
@@ -104,7 +104,7 @@ static void downsample_row_box_filter (
|
|
|
76f8c5 |
x++;
|
|
|
76f8c5 |
}
|
|
|
76f8c5 |
|
|
|
76f8c5 |
- while (x < start + width)
|
|
|
76f8c5 |
+ while (x < start + width && src < src_limit)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
uint32_t a = 0;
|
|
|
76f8c5 |
uint32_t r = 0;
|
|
|
76f8c5 |
@@ -121,7 +121,7 @@ static void downsample_row_box_filter (
|
|
|
76f8c5 |
x++;
|
|
|
76f8c5 |
box -= start_coverage;
|
|
|
76f8c5 |
|
|
|
76f8c5 |
- while (box >= pixel_coverage)
|
|
|
76f8c5 |
+ while (box >= pixel_coverage && src < src_limit)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
a += ((*src >> 24) & 0xff) * pixel_coverage;
|
|
|
76f8c5 |
r += ((*src >> 16) & 0xff) * pixel_coverage;
|
|
|
76f8c5 |
@@ -135,7 +135,7 @@ static void downsample_row_box_filter (
|
|
|
76f8c5 |
/* multiply by whatever is leftover
|
|
|
76f8c5 |
* this ensures that we don't bias down.
|
|
|
76f8c5 |
* i.e. start_coverage + n*pixel_coverage + box == 1 << 24 */
|
|
|
76f8c5 |
- if (box > 0)
|
|
|
76f8c5 |
+ if (box > 0 && src < src_limit)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
a += ((*src >> 24) & 0xff) * box;
|
|
|
76f8c5 |
r += ((*src >> 16) & 0xff) * box;
|
|
|
76f8c5 |
@@ -337,7 +337,7 @@ bool CairoRescaleBox::downScaleImage(unsigned orig_width, unsigned orig_height,
|
|
|
76f8c5 |
int start_coverage_y = y_coverage[dest_y];
|
|
|
76f8c5 |
|
|
|
76f8c5 |
getRow(src_y, scanline);
|
|
|
76f8c5 |
- downsample_row_box_filter (start_column, width, scanline, temp_buf + width * columns, x_coverage, pixel_coverage_x);
|
|
|
76f8c5 |
+ downsample_row_box_filter (start_column, width, scanline, scanline + orig_width, temp_buf + width * columns, x_coverage, pixel_coverage_x);
|
|
|
76f8c5 |
columns++;
|
|
|
76f8c5 |
src_y++;
|
|
|
76f8c5 |
box -= start_coverage_y;
|
|
|
76f8c5 |
@@ -345,7 +345,7 @@ bool CairoRescaleBox::downScaleImage(unsigned orig_width, unsigned orig_height,
|
|
|
76f8c5 |
while (box >= pixel_coverage_y)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
getRow(src_y, scanline);
|
|
|
76f8c5 |
- downsample_row_box_filter (start_column, width, scanline, temp_buf + width * columns, x_coverage, pixel_coverage_x);
|
|
|
76f8c5 |
+ downsample_row_box_filter (start_column, width, scanline, scanline + orig_width, temp_buf + width * columns, x_coverage, pixel_coverage_x);
|
|
|
76f8c5 |
columns++;
|
|
|
76f8c5 |
src_y++;
|
|
|
76f8c5 |
box -= pixel_coverage_y;
|
|
|
76f8c5 |
@@ -355,7 +355,7 @@ bool CairoRescaleBox::downScaleImage(unsigned orig_width, unsigned orig_height,
|
|
|
76f8c5 |
if (box > 0)
|
|
|
76f8c5 |
{
|
|
|
76f8c5 |
getRow(src_y, scanline);
|
|
|
76f8c5 |
- downsample_row_box_filter (start_column, width, scanline, temp_buf + width * columns, x_coverage, pixel_coverage_x);
|
|
|
76f8c5 |
+ downsample_row_box_filter (start_column, width, scanline, scanline + orig_width, temp_buf + width * columns, x_coverage, pixel_coverage_x);
|
|
|
76f8c5 |
columns++;
|
|
|
76f8c5 |
}
|
|
|
76f8c5 |
|
|
|
76f8c5 |
--
|
|
|
76f8c5 |
2.20.1
|
|
|
76f8c5 |
|