From db6823cd748a65930b778dd3859a6fe99f38be96 Mon Sep 17 00:00:00 2001 From: Sebastian Rasmussen Date: Thu, 9 Aug 2018 04:10:51 +0800 Subject: Bug 699628: Add fz_var to variable set in fz_try and used in fz_always. When pdf_xobject_transparency() indicates transparency, pdf_run_xobject() will push a mask with 2 components (gray + alpha). Because fz_var was missing for the transparency variable its value would, if fz_throw() was called, not be preserved in fz_always{}. This means that fz_always{} would never pop the mask from the stack. At a later stage some code would call fz_end_mask() and then trigger an assert() where the number of components was restricted to 1. Marking the variable with fz_var means that the mask will now be popped as expected. Thanks to oss-fuzz for reporting. --- source/pdf/pdf-op-run.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source/pdf') diff --git a/source/pdf/pdf-op-run.c b/source/pdf/pdf-op-run.c index 0bd4ec21..42b67214 100644 --- a/source/pdf/pdf-op-run.c +++ b/source/pdf/pdf-op-run.c @@ -1213,6 +1213,7 @@ pdf_run_xobject(fz_context *ctx, pdf_run_processor *proc, pdf_obj *xobj, pdf_obj fz_var(oldbot); fz_var(cs); fz_var(saved_def_cs); + fz_var(transparency); gparent_save = pr->gparent; pr->gparent = pr->gtop; -- cgit v1.2.3
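Review bot: the one-line addition of fz_var(transparency) after fz_var(saved_def_cs) in pdf_run_xobject() comes with no regression test (the diffstat shows 1 file changed, 1 insertion), so nothing stops the mask push/pop imbalance from returning if this block is refactored. Suggest adding the oss-fuzz reproducer for Bug 699628 to the test corpus. Since the commit message says the variable is set in fz_try and read in fz_always, please also confirm that transparency is initialised before fz_try, so that fz_always sees a defined value when fz_throw() fires before the assignment. The symptom described was an assert() on the component count in the fz_end_mask() path, which only traps in builds that keep assertions enabled, so it is worth checking what an unbalanced mask stack does in a build without them. Finally, the same review pass could check whether any other local in this function is assigned inside fz_try and read in fz_always or fz_catch without a matching fz_var; a short comment above the fz_var block stating that rule would help the next editor.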