core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp - Issue 372453005: Fix uninitialized coords and one of infinite loops

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp

Issue 372453005: Fix uninitialized coords and one of infinite loops (Closed) Base URL: https://pdfium.googlesource.com/pdfium.git@master

Patch Set: Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp

diff --git a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp

index 7ffd186f72d5d4dec16fd7193e3f03692d039017..b54f27a4c9b2c0bc13cb50f0b7d6d7ed16d0d835 100644

--- a/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp

+++ b/core/src/fpdfapi/fpdf_render/fpdf_render_pattern.cpp

@@ -662,6 +662,32 @@ struct CPDF_PatchDrawer {

}

};

+FX_BOOL _CheckCoonTensorPara(const CPDF_MeshStream &stream)

+ FX_BOOL bCoorBits = ( stream.m_nCoordBits== 1 ||

+ stream.m_nCoordBits == 2 ||

+ stream.m_nCoordBits == 4 ||

+ stream.m_nCoordBits == 8 ||

+ stream.m_nCoordBits == 12 ||

+ stream.m_nCoordBits == 16 ||

+ stream.m_nCoordBits == 24 ||

+ stream.m_nCoordBits == 32 );

+ FX_BOOL bCompBits = ( stream.m_nCompBits == 1 ||

+ stream.m_nCompBits == 2 ||

+ stream.m_nCompBits == 4 ||

+ stream.m_nCompBits == 8 ||

+ stream.m_nCompBits == 12 ||

+ stream.m_nCompBits == 16 );

+ FX_BOOL bFlagBits = ( stream.m_nFlagBits == 2 ||

+ stream.m_nFlagBits == 4 ||

+ stream.m_nFlagBits == 8 );

+ return bCoorBits && bCompBits && bFlagBits;

static void _DrawCoonPatchMeshes(FX_BOOL bTensor, CFX_DIBitmap* pBitmap, CFX_AffineMatrix* pObject2Bitmap,

CPDF_Stream* pShadingStream, CPDF_Function** pFuncs, int nFuncs,

CPDF_ColorSpace* pCS, int fill_mode, int alpha)

@@ -676,6 +702,11 @@ static void _DrawCoonPatchMeshes(FX_BOOL bTensor, CFX_DIBitmap* pBitmap, CFX_Aff

if (!stream.Load(pShadingStream, pFuncs, nFuncs, pCS)) {

return;

}

+ if (!_CheckCoonTensorPara(stream)) {

+ return;

+ }

CPDF_PatchDrawer patch;

patch.alpha = alpha;

patch.pDevice = &device;

@@ -687,20 +718,19 @@ static void _DrawCoonPatchMeshes(FX_BOOL bTensor, CFX_DIBitmap* pBitmap, CFX_Aff

pPoints[i].m_Flag = FXPT_BEZIERTO;

}

CFX_FloatPoint coords[16];

- for (int i = 0; i < 16; i ++)

- {

+ for (int i = 0; i < 16; i ++) {

coords[i].Set(0.0f, 0.0f);

}

int point_count = bTensor ? 16 : 12;

while (!stream.m_BitStream.IsEOF()) {

FX_DWORD flag = stream.GetFlag();

- int iStartPoint = 0, iStartColor = 0, i;

+ int iStartPoint = 0, iStartColor = 0, i = 0;

if (flag) {

iStartPoint = 4;

iStartColor = 2;

CFX_FloatPoint tempCoords[4];

- for (int i = 0; i < 4; i ++) {

+ for (i = 0; i < 4; i ++) {

tempCoords[i] = coords[(flag * 3 + i) % 12];

}

FXSYS_memcpy32(coords, tempCoords, sizeof(CFX_FloatPoint) * 4);

« no previous file with comments | « no previous file | no next file » | no next file with comments »