diff options
author | Sebastian Rasmussen <sebras@gmail.com> | 2018-08-12 20:55:17 +0800 |
---|---|---|
committer | Sebastian Rasmussen <sebras@gmail.com> | 2018-08-14 20:56:54 +0800 |
commit | dac34508c049d12c801416727652f94daed4fd4b (patch) | |
tree | 5cad811e8d1b49eae2997bf4acea7d711539a9a8 /source/fitz | |
parent | 2c9c8b75de448ae0ee1394f672eb0baa4c7dd57a (diff) | |
download | mupdf-dac34508c049d12c801416727652f94daed4fd4b.tar.xz |
Bug 699631: Handle unsupported triangle mesh edge flags.
There were two issues with the code parsing the triangle mesh's
edge flags:
* meshes were not require to start with an independent triangle
* out of range edge flags caused vertices to be ignored
A mesh where the edge flag of the first vertice is out of range,
and the edge flag of the second vertex indicates continuation
of a prior triangle would result in trying to create a triangle
where the third coordinate would be uninitialized.
This commit requires the edge flag of the first vertex to indicate
a new independent triangle and if out of range edge flags are
encountered they are treated as if they indicate a new triangle.
Thanks to oss-fuzz for reporting.
Diffstat (limited to 'source/fitz')
-rw-r--r-- | source/fitz/shade.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/source/fitz/shade.c b/source/fitz/shade.c index faf8b67c..63089235 100644 --- a/source/fitz/shade.c +++ b/source/fitz/shade.c @@ -314,6 +314,7 @@ fz_process_shade_type4(fz_context *ctx, fz_shade *shade, fz_matrix ctm, fz_mesh_ const float *c0 = shade->u.m.c0; const float *c1 = shade->u.m.c1; float x, y, c[FZ_MAX_COLORS]; + int first_triangle = 1; fz_try(ctx) { @@ -326,8 +327,22 @@ fz_process_shade_type4(fz_context *ctx, fz_shade *shade, fz_matrix ctm, fz_mesh_ c[i] = read_sample(ctx, stream, bpcomp, c0[i], c1[i]); fz_prepare_vertex(ctx, painter, vd, ctm, x, y, c); + if (first_triangle) + { + if (flag != 0) + { + fz_warn(ctx, "ignoring non-zero edge flags for first vertex in mesh"); + flag = 0; + } + first_triangle = 0; + } + switch (flag) { + default: + fz_warn(ctx, "ignoring out of range edge flag in mesh"); + /* fallthrough */ + case 0: /* start new triangle */ SWAP(va, vd); |