diff options
| author | Robin Watts <Robin.Watts@artifex.com> | 2023-02-15 14:27:54 +0000 |
|---|---|---|
| committer | Robin Watts <Robin.Watts@artifex.com> | 2023-02-16 00:05:00 +0000 |
| commit | 2b7ab0bdf13d038a9717cfdc01d6a5be21189ccf (patch) | |
| tree | 56c5d3c14faf8c6983a7189e66bb1c848052888b /base | |
| parent | 4e7d9b2b49ca424c1c886c239c64459172ea83b7 (diff) | |
| download | ghostpdl-2b7ab0bdf13d038a9717cfdc01d6a5be21189ccf.tar.gz | |
Bug 706414: Fix OSS Fuzz 55988 - infinite loop in shadings.
The logic for subdividing patches can be stymied by illegal
rectangles. Detect these early on.
Diffstat (limited to 'base')
| -rw-r--r-- | base/gxshade1.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/base/gxshade1.c b/base/gxshade1.c index 954f93454..0032b8249 100644 --- a/base/gxshade1.c +++ b/base/gxshade1.c @@ -237,6 +237,9 @@ subdivide_patch_fill(patch_fill_state_t *pfs, patch_curve_t c[4]) int v0, v1; int changed; + if (pfs->rect.p.x >= pfs->rect.q.x || pfs->rect.p.y >= pfs->rect.q.y) + return 0; + /* On entry we have a patch: * c[0].vertex c[1].vertex * @@ -983,6 +986,9 @@ subdivide_patch_fill_floats(patch_fill_state_t *pfs, corners_and_curves *cc) int v0, v1; int changed; + if (pfs->rect.p.x >= pfs->rect.q.x || pfs->rect.p.y >= pfs->rect.q.y) + return 0; + /* On entry we have a patch: * c[0].vertex c[1].vertex * |