summaryrefslogtreecommitdiff
path: root/fitz/doc_interactive.c
diff options
context:
space:
mode:
authorRobin Watts <robin.watts@artifex.com>2012-12-24 15:51:21 +0000
committerRobin Watts <robin.watts@artifex.com>2013-01-02 12:26:43 +0000
commit9e92b5bb54700e1e4e77bde517d45820d383db8e (patch)
tree2e3fddc789f3e8e4d0778aa7dfd0a6be2ff9dd69 /fitz/doc_interactive.c
parent12f83ab602f913e8e34aab5348339bccc8ace53e (diff)
downloadmupdf-9e92b5bb54700e1e4e77bde517d45820d383db8e.tar.xz
Bug 693503: Fix leak/illegal memory write caused by stale pointer
When running a softmask, we remove the softmask from the gstate, then run the group contents, then put the softmask back. If the gstate stack is moved in the meantime (due to it being realloced for extension), we can end up with it being moved. We therefore must recalculate gstate before writing again. Problem found in a test file, pdf_001/2599.pdf.asan.58.1778 supplied by Mateusz "j00ru" Jurczyk and Gynvael Coldwind of the Google Security Team using Address Sanitizer. Many thanks!
Diffstat (limited to 'fitz/doc_interactive.c')
0 files changed, 0 insertions, 0 deletions