Commit 37659c01 authored by Albert Astals Cid

Account for verticesA possible overflow in GfxGouraudTriangleShading::parse

fixes oss-fuzz file abort
parent e69dc7a5
......@@ -4877,7 +4877,13 @@ GfxGouraudTriangleShading *GfxGouraudTriangleShading::parse(GfxResources *res, i
int oldVertSize = vertSize;
vertSize = (vertSize == 0) ? 16 : 2 * vertSize;
verticesA = (GfxGouraudVertex *)
greallocn(verticesA, vertSize, sizeof(GfxGouraudVertex));
greallocn_checkoverflow(verticesA, vertSize, sizeof(GfxGouraudVertex));
if (unlikely(!verticesA)) {
error(errSyntaxWarning, -1, "GfxGouraudTriangleShading::parse: vertices size overflow");
gfree(trianglesA);
delete bitBuf;
return nullptr;
}
memset(verticesA + oldVertSize, 0, (vertSize - oldVertSize) * sizeof(GfxGouraudVertex));
}
verticesA[nVerticesA].x = xMin + xMul * (double)x;
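Review bot: The failure branch added after `greallocn_checkoverflow` frees `trianglesA` and `bitBuf` but not the previous vertex buffer, and because the result is assigned straight back to `verticesA` the old pointer is no longer reachable at that point. If the helper does not release its input when it returns null (its definition is not visible in this hunk), every rejected file leaks the vertices accumulated so far; in that case hold the result in a temporary and call `gfree(verticesA)` before returning. If it does release the input, a one-line comment such as `// greallocn_checkoverflow frees the old buffer on failure` above the check would save the next reader the lookup. The body of `parse` starts and ends outside the hunk, so cleanup of anything else allocated earlier in the function cannot be checked from here.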
......