From e465d36b8ecf46b80af4ac6b941ae56eb4883a89 Mon Sep 17 00:00:00 2001
From: Albert Astals Cid <aacid@kde.org>
Date: Mon, 19 Jun 2017 23:35:29 +0200
Subject: [PATCH] Fix crash on malformed files

Bug #101502
---
 poppler/GfxState.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/poppler/GfxState.cc b/poppler/GfxState.cc
index b17925f..e6cd329 100644
--- a/poppler/GfxState.cc
+++ b/poppler/GfxState.cc
@@ -4036,6 +4036,12 @@ void GfxUnivariateShading::getColor(double t, GfxColor *color) {
   double out[gfxColorMaxComps];
   int i, nComps;
 
+  if (unlikely(nFuncs < 1)) {
+    for (int i = 0; i < gfxColorMaxComps; i++)
+        color->c[i] = 0;
+    return;
+  }
+
   // NB: there can be one function with n outputs or n functions with
   // one output each (where n = number of color components)
   nComps = nFuncs * funcs[0]->getOutputSize();
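Review bot: The new guard in getColor covers only the lower bound of nFuncs; the product `nFuncs * funcs[0]->getOutputSize()` on the line after it is not compared with gfxColorMaxComps anywhere in the visible lines, and `out` has exactly that many slots. If the parser does not already cap this for malformed files, a clamp after the assignment such as `if (unlikely(nComps > gfxColorMaxComps)) nComps = gfxColorMaxComps;` would close the same class of crash. As a smaller point, `for (int i = 0; ...)` shadows the `i` declared just above it; `for (i = 0; i < gfxColorMaxComps; i++)` reuses the existing variable. The body of getColor continues outside the hunk, so a later bound check may already exist there.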
@@ -4089,6 +4095,9 @@ void GfxUnivariateShading::setupCache(const Matrix *ctm,
   cacheBounds = NULL;
   cacheSize = 0;
 
+  if (unlikely(nFuncs < 1))
+    return;
+
   // NB: there can be one function with n outputs or n functions with
   // one output each (where n = number of color components)
   nComps = nFuncs * funcs[0]->getOutputSize();
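Review bot: The early return in setupCache carries no comment saying why it is safe: it relies on `cacheBounds = NULL` and `cacheSize = 0` having been set just before it, so the shading is left with the cache disabled. A one-line comment such as `// malformed shading without functions: leave the cache disabled` would record that, along with the fact that funcs[0] must not be dereferenced in this case. The same `nFuncs < 1` test is repeated from getColor; rejecting such a shading where it is parsed, if that code allows it, would keep the invariant in one place. setupCache continues outside the hunk.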
-- 
2.9.3