Console View

Albert Astals Cid
aacid @kde.org
qt: Fix regression in QIODeviceOutStream + MSVC
vsnprintf actually works fine than qvsnprintf on MSVC nowadays so use that

Albert Astals Cid
aacid @kde.org
Make checkedAdd work for long long in MSVC

Albert Astals Cid
aacid @kde.org
FoFiTrueType::cvtSfnts: Fix uninitialized memory read on broken files
Initialize maxUsedGlyph after the early check returns
oss-fuzz/29629

Albert Astals Cid
aacid @kde.org
qt: Properly export NewSignatureData

Albert Astals Cid
aacid @kde.org
Splash: fix uninitialized memory read on broken files
oss-fuzz/23086

Albert Astals Cid
aacid @kde.org
CCITTFaxStream: Fix uninitialized memory read in broken files
oss-fuzz/8795

Albert Astals Cid
aacid @kde.org
Relax the check in Gfx::opSetFillGray

Albert Astals Cid
aacid @kde.org
Gfx::opSetFillRGBColor: Fix uninitialized memory read in bad files
Make sure colorspace doesn't need more comps than we have
oss-fuzz/29522

Albert Astals Cid
aacid @kde.org
Don't try to read xref at negative stream positions
oss-fuzz/29460

Albert Astals Cid
aacid @kde.org
FoFiTrueType::cvtSfnts: Fix uninitialized memory read on broken files
oss-fuzz/29386

Albert Astals Cid
aacid @kde.org
Gfx::opSetFillGray: Make sure the colorspace is gray
Otherwise we will end up doing an uninitialized memory read down the road
oss-fuzz/10040

Albert Astals Cid
aacid @kde.org
Update (C)

Albert Astals Cid
aacid @kde.org
XRef::readXRef: Improve overflow check
oss-fuzz/11744

Albert Astals Cid
aacid @kde.org
Also protect against malformed GfxPatchMeshShading
oss-fuzz/11197

Albert Astals Cid
aacid @kde.org
GfxDeviceNColorSpace: Shift the validity check to the constructor

Albert Astals Cid
aacid @kde.org
Fix uninitialized memory read on broken files
oss-fuzz/10059

Albert Astals Cid
aacid @kde.org
JBIG2Stream: Protect against yet another potential overflow
oss-fuzz/29335

Albert Astals Cid
aacid @kde.org
PSOutputDev: Fix memory leak on broken files
oss-fuzz/29330

Albert Astals Cid
aacid @kde.org
Fix leak introduced in 0e6c3ff9bb4390d2b426a4cddbb638c19811055d
oss-fuzz/29305

Albert Astals Cid
aacid @kde.org
JBIG2Stream::readTextRegion: Fix yet another potential integer overflow
oss-fuzz/27783

Albert Astals Cid
aacid @kde.org
Generalize the EOFStream wrapping EOFStream code

Albert Astals Cid
aacid @kde.org
FoFiType1C::cvtGlyph: Fix uninitialized memory read on broken files
oss-fuzz/29269

Albert Astals Cid
aacid @kde.org
Fix two k that should have been k+1

Albert Astals Cid
aacid @kde.org
Check obj1 is a stream before getting the stream
It seems we already did this check a few lines above, and indeed we did, but on very broken documents, if arr[1] is a Ref, getting objects may end up in a reconstruct xref call which may end up changing the type of arr[1] the next time we ask for it
oss-fuzz/29260

Albert Astals Cid
aacid @kde.org
FoFiTrueType::parse: If we don't have tables parsing didn't succeed
oss-fuzz/29217

Albert Astals Cid
aacid @kde.org
PSOutputDev: protect against potential divide by 0
oss-fuzz/29241

Albert Astals Cid
aacid @kde.org
JBIG2Stream::readSymbolDictSeg: Return early if one of the bitmaps is null
Doesn't seem to regress any of the valid files I have and saves some broken ones that loop for hours

Albert Astals Cid
aacid @kde.org
SplashXPathScanner: If any of the segments of the path is nan, path is not valid
Fixes crash in broken files #1022

Albert Astals Cid
aacid @kde.org
PSOutputDev: Fix memory leak on broken files
oss-fuzz/29201

Oliver Sander
oliver.sander @tu-dresden.de
JBIG2Stream: Store segments as std::unique_ptrs
This makes the memory handling more error-proof, because all necessary calls to 'delete' happen automatically. This patch introduces several calls to std::unique_ptr::release, and hence breaks the explicit ownership chain established by using std::unique_ptr. Not all of the calls are strictly necessary, but without them the patch would get a lot bigger than it is. Better keep that for another day.

Albert Astals Cid
aacid @kde.org
PSOutputDev: fix a few integer overflows
Now that we have oss-fuzz coverage I guess more will be coming soon ^_^
oss-fuzz/29199

Albert Astals Cid
aacid @kde.org
Update (C)

Albert Astals Cid
aacid @kde.org
Don't wrap EOFStream in an EOFStream
It's unneeded and can be relatively easily used to create stack overflows
oss-fuzz/29184

Albert Astals Cid
aacid @kde.org
fuzz the ps converter code

Albert Astals Cid
aacid @kde.org
CI: Enable goostring-format-checker clang checker

Albert Astals Cid
aacid @kde.org
Change a few variables to types GooString::format knows about
None of them is problematic, but being more strict lets us enable the goostring-format-checker clang plugin

Albert Astals Cid
aacid @kde.org
HtmlOutputDev: Fix error() parameter type
This would cause a crash if that error() is ever called

Albert Astals Cid
aacid @kde.org
Account for fread potentially failing

Albert Astals Cid
aacid @kde.org
Account for Gfseek potentially failing

Albert Astals Cid
aacid @kde.org
FormWidgetSignature::signDocument: Fix resource leak if something goes wrong