author Cary Clark <caryclark@skia.org> 2017-07-05 11:52:16 -0400
committer Chromium commit bot <commit-bot@chromium.org> 2017-07-05 19:23:29 +0000
commit 8528723bc8aa97c62254c9f22afdd6b9f19570de (patch)
tree 3df043a167bb0caa2aa57ec3c9e607c34dc34a3c /fpdfsdk/javascript/JS_KeyValue.h
parent 4bba683632b1db429343ca6cc54f803ac857ef35 (diff)
download pdfium-8528723bc8aa97c62254c9f22afdd6b9f19570de.tar.xz

fix fuzzer generated out of range

I could not get this to reproduce. It was also reported in April, but I marked it fixed because I couldn't reproduce this then, either. I suspect that the result of LineSide() is +/-inf, causing either minBounds or maxBounds in ClipAngledGradient() to be set to -1, triggering the stack buffer misread.

R=dsinclair@chromium.org,npm@chromium.org
Bug: 736574
Change-Id: Id828321f8c5481b862822be43d76a41dd8e74ef0
Reviewed-on: https://pdfium-review.googlesource.com/7273
Reviewed-by: dsinclair <dsinclair@chromium.org>
Reviewed-by: Nicolás Peña <npm@chromium.org>
Commit-Queue: Cary Clark <caryclark@google.com>

Diffstat (limited to 'fpdfsdk/javascript/JS_KeyValue.h')
0 files changed, 0 insertions, 0 deletions